82ddc5e238b9a784e964878735562b5d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

82ddc5e238b9a784e964878735562b5d_JaffaCakes118
Size

10.7MB
MD5

82ddc5e238b9a784e964878735562b5d
SHA1

e4401fdcbb3193213b7d0473c05c727d1947e260
SHA256

2d947d7f4b1d9127bc62ad4568d999df09f882a4a45331db6cb55eea63d08397
SHA512

3a877d23992378e382accbb5936d250fcf371f996ccb63c456e7b61351ca5e4795110f7b8cb13eed7380dcfbc7b5ae658e9b18ea7d9f191835ec49fb6f09ac8f
SSDEEP

196608:2M83hEKDUsSYyg1YOa3aAxX0np7xT23vHMfyHeynrb86NhZEiT8f5sMAfxf5JyoS:F83hEASYyIOxX0plIvyLyn06NkiT3d5E

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/$EXEDIR/RegOrganizerPortable/Data/RegKeysV3to5.dll	aspack_v212_v242
static1/unpack002/Data/RegKeysV3to5.dll	aspack_v212_v242
static1/unpack002/RegKeysV3to5.dll	aspack_v212_v242

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Reg.Organizer.7.52key/Reg.Organizer.v7.52.exe
unpack002/$EXEDIR/RegOrganizerPortable/Data/updaterdll.dll
unpack002/$PLUGINSDIR/nsProcess.dll
unpack002/Data/updaterdll.dll
unpack002/updaterdll.dll

Files

82ddc5e238b9a784e964878735562b5d_JaffaCakes118
.zip
Reg.Organizer.7.52key/Reg.Organizer.v7.52.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 948KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/AppUninstIgnore.bkp.xml
$EXEDIR/RegOrganizerPortable/Data/CloseApplication.dll
.dll windows:4 windows x86 arch:x86

752c0bf2e02537842b0a8b5a66c7851c

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:aa:1a:38:88:22:12:a7:3c:2d:de:09:04:4e:48:24:b3:b7:89:bb:a2:27:d2:ca:28:4f:29:ba:c0:54:d0:c7
Signer

Actual PE Digest

33:aa:1a:38:88:22:12:a7:3c:2d:de:09:04:4e:48:24:b3:b7:89:bb:a2:27:d2:ca:28:4f:29:ba:c0:54:d0:c7

Digest Algorithm

sha256

PE Digest Matches

true

73:ff:44:1d:67:f1:7d:8b:49:78:2c:e2:80:28:de:81:1b:b0:51:e8
Signer

Actual PE Digest

73:ff:44:1d:67:f1:7d:8b:49:78:2c:e2:80:28:de:81:1b:b0:51:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenEventW
OpenProcess
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA

ole32

CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

Exports

Exports

CloseApplication
IsApplicationExecuted
___CPPdebugHook

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/Documentation/English/Documentation.chm
.chm
$EXEDIR/RegOrganizerPortable/Data/Documentation/Russian/Documentation.chm
.chm
$EXEDIR/RegOrganizerPortable/Data/HardwareConstant.dll
.dll windows:5 windows x86 arch:x86

abcf51cc9ff3a4143d084b02d70ceb69

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

32:8a:11:fc:58:09:6a:a6:32:ee:4d:a8:02:27:ed:b4:bd:34:94:16:5c:af:65:95:64:1b:0c:b3:a0:d7:f1:5e
Signer

Actual PE Digest

32:8a:11:fc:58:09:6a:a6:32:ee:4d:a8:02:27:ed:b4:bd:34:94:16:5c:af:65:95:64:1b:0c:b3:a0:d7:f1:5e

Digest Algorithm

sha256

PE Digest Matches

true

5d:90:5d:59:e8:93:6e:7b:b6:41:fc:d5:8c:11:06:8b:35:c1:38:fe
Signer

Actual PE Digest

5d:90:5d:59:e8:93:6e:7b:b6:41:fc:d5:8c:11:06:8b:35:c1:38:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\work\HardwareID\Release\HardwareConstant.pdb

Imports

kernel32

DeviceIoControl
GetVolumePathNameW
MultiByteToWideChar
GetLastError
CloseHandle
CreateFileW
WriteConsoleW
FormatMessageW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapReAlloc
SetStdHandle

user32

wsprintfW

advapi32

CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash

shell32

SHGetSpecialFolderPathW

Exports

Exports

GetHardwareConstant
GetHardwareInfo
HardwareConstantUnitTest

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/HelperFor64Bits.exe
.exe windows:5 windows x64 arch:x64

4201638a3137bdf5091beba1ceceec76

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:4f:fc:65:79:97:59:56:f0:a5:11:c2:b8:9a:ce:5c:82:79:93:6c:23:53:84:b9:3e:a5:b3:cf:76:a4:d6:02
Signer

Actual PE Digest

71:4f:fc:65:79:97:59:56:f0:a5:11:c2:b8:9a:ce:5c:82:79:93:6c:23:53:84:b9:3e:a5:b3:cf:76:a4:d6:02

Digest Algorithm

sha256

PE Digest Matches

true

c7:72:e9:0b:60:17:89:88:94:2d:96:be:1f:82:a0:45:77:10:24:fc
Signer

Actual PE Digest

c7:72:e9:0b:60:17:89:88:94:2d:96:be:1f:82:a0:45:77:10:24:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetTokenInformation
GetUserNameW
IsValidSecurityDescriptor
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
SetNamedSecurityInfoW

kernel32

AddVectoredExceptionHandler
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FlushViewOfFile
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW
RtlRestoreContext
RtlUnwindEx

netapi32

NetApiBufferFree
NetUserGetInfo
NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
GetDefaultPrinterW
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AddFontMemResourceEx
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

CommandLineToArgvW
ExtractAssociatedIconW
ExtractIconW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
ExitWindowsEx
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringA
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
mouse_event
GetClassLongPtrW
GetWindowLongPtrW
SetClassLongPtrW
SetWindowLongPtrW
wsprintfA

winmm

timeBeginPeriod

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetActiveObject
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetQueryOptionW

shlwapi

StrCmpLogicalW

Exports

Exports

_ZTR20TCloseProgramWaiting
_ZTRN11debug_stuff8internal12TIdleHandlerE
_ZTRN15RegistryTracing10TRegNotify5TImplE
_ZTRN15RegistryTracing17TRegSnapShotAsync5TImplE
_ZTRN15RegistryTracing20TProgressObservation5TImplE
_ZTRN15RegistryTracing22TSeparateThreadCapture5TImplE
__CPPdebugHook

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 298KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/IgnoreDiskCleaner.bkp.xml
$EXEDIR/RegOrganizerPortable/Data/IgnoreRegCleaner.bkp.xml
$EXEDIR/RegOrganizerPortable/Data/InstallerTracingAgent.dll
.dll windows:4 windows x86 arch:x86

a0eb8587af0f242e7f235f5d2a73f1e5

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:c2:44:64:ff:c5:93:59:a5:1c:99:9b:84:34:fd:83:0b:6f:1e:86:43:85:ee:b7:4f:f7:1d:01:a6:b1:a6:c6
Signer

Actual PE Digest

1d:c2:44:64:ff:c5:93:59:a5:1c:99:9b:84:34:fd:83:0b:6f:1e:86:43:85:ee:b7:4f:f7:1d:01:a6:b1:a6:c6

Digest Algorithm

sha256

PE Digest Matches

true

aa:c0:f6:ab:a4:ee:2d:62:91:6c:32:df:9b:e3:20:c2:e0:25:80:6a
Signer

Actual PE Digest

aa:c0:f6:ab:a4:ee:2d:62:91:6c:32:df:9b:e3:20:c2:e0:25:80:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenMutexW
OpenProcess
QueryDosDeviceW
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW
ShellExecuteW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

GetProcessImageFileNameW

Exports

Exports

@@Installertracingagentshared@Finalize
@@Installertracingagentshared@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
DisableInstallerTracingAgent
EnableInstallerTracingAgentEx
FreeAgentSettingsStructure
GetInstallerTracingAgentSettings
IsInstallerTracingAgentEnabled
IsInstallerTracingAgentWorking
LoadInstallerTracingAgent
SetInstallerTracingAgentSettings
UnloadInstallerTracingAgent
___CPPdebugHook

Sections

.text
Size: 646KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/Languages/French-7.16.sib
$EXEDIR/RegOrganizerPortable/Data/Languages/Korean-7.16.sib.sib
$EXEDIR/RegOrganizerPortable/Data/Languages/Portuguese(pt-BR)-7.16.sib
$EXEDIR/RegOrganizerPortable/Data/Languages/Portuguese(pt-PT)-7.16.sib
$EXEDIR/RegOrganizerPortable/Data/Languages/Ukrainian.sib
$EXEDIR/RegOrganizerPortable/Data/Languages/russian.sib
$EXEDIR/RegOrganizerPortable/Data/OptimizationAnimation.avi
$EXEDIR/RegOrganizerPortable/Data/ProgramDataStorage.const
$EXEDIR/RegOrganizerPortable/Data/QuickRegEditorLaunch.dll
.dll windows:4 windows x86 arch:x86

7405a696a67b74e0c3f208639b333285

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a0:90:c3:6b:ae:46:3f:30:0f:04:6a:55:3e:cb:7b:76:12:20:06:0e:b0:25:94:c6:d8:05:3a:71:a5:75:cf:e0
Signer

Actual PE Digest

a0:90:c3:6b:ae:46:3f:30:0f:04:6a:55:3e:cb:7b:76:12:20:06:0e:b0:25:94:c6:d8:05:3a:71:a5:75:cf:e0

Digest Algorithm

sha256

PE Digest Matches

true

2d:38:d5:c1:db:1a:53:3d:eb:6f:4b:76:31:21:59:96:c3:aa:0f:78
Signer

Actual PE Digest

2d:38:d5:c1:db:1a:53:3d:eb:6f:4b:76:31:21:59:96:c3:aa:0f:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

shlwapi

PathCanonicalizeW

Exports

Exports

@@Maindllunit@Finalize
@@Maindllunit@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
DisableRegEditorQuickLaunch
EnableRegEditorQuickLaunchEx
GetRegEditorQuickLaunchInfo
___CPPdebugHook

Sections

.text
Size: 540KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/Readme-Russian.txt
$EXEDIR/RegOrganizerPortable/Data/Readme.txt
$EXEDIR/RegOrganizerPortable/Data/Reg64Call.exe
.exe windows:6 windows x64 arch:x64

55413c38d437f9a627fb69cf8e51fda8

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0f:b8:ca:69:18:d4:27:16:02:77:fc:54:6a:82:3a:11:61:9b:4c:01:aa:c8:6c:46:11:db:bf:e5:cb:d1:e3:9e
Signer

Actual PE Digest

0f:b8:ca:69:18:d4:27:16:02:77:fc:54:6a:82:3a:11:61:9b:4c:01:aa:c8:6c:46:11:db:bf:e5:cb:d1:e3:9e

Digest Algorithm

sha256

PE Digest Matches

true

7d:ad:30:87:4d:e3:59:d5:4e:6f:18:db:44:b8:7a:1a:00:f0:20:6c
Signer

Actual PE Digest

7d:ad:30:87:4d:e3:59:d5:4e:6f:18:db:44:b8:7a:1a:00:f0:20:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

\\VBOXSVR\music\tmp\w1\RegistryProjects\WorkWithRegFiles\Reg64Call\x64\Release\Reg64Call.pdb

Imports

kernel32

GetCurrentThread
LoadLibraryW
FreeLibrary
GetProcAddress
GetCommandLineW
SwitchToThread
GetCurrentProcessId
GetLastError
GetModuleFileNameW
GetExitCodeProcess
Sleep
OpenProcess
GetTickCount
GetCurrentProcess
CloseHandle
OpenFileMappingW
CreateFileMappingW
CreateFileW
FlushViewOfFile
VirtualQuery
UnmapViewOfFile
SetThreadPriority
MapViewOfFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
LoadLibraryExW
GetConsoleCP
GetConsoleMode

advapi32

RegCloseKey
AdjustTokenPrivileges
RegEnumKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumValueW
RegSaveKeyExW
RegDeleteValueW
LookupPrivilegeValueW
RegSaveKeyW
RegDeleteKeyW
RegReplaceKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryMultipleValuesW
RegRestoreKeyW
OpenProcessToken
RegSetValueExW

shell32

CommandLineToArgvW

winmm

timeBeginPeriod

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/RegKeysV3to5.dll
.dll windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:db:46:91:48:61:d7:2d:72:e0:f7:09:36:0c:bd:ed:01:9b:01:4d:d6:0e:e4:15:b4:c8:91:e1:66:ea:7b:50
Signer

Actual PE Digest

4a:db:46:91:48:61:d7:2d:72:e0:f7:09:36:0c:bd:ed:01:9b:01:4d:d6:0e:e4:15:b4:c8:91:e1:66:ea:7b:50

Digest Algorithm

sha256

PE Digest Matches

true

3f:85:95:82:ad:4c:b2:16:14:58:22:c8:90:83:b3:51:17:b3:b7:49
Signer

Actual PE Digest

3f:85:95:82:ad:4c:b2:16:14:58:22:c8:90:83:b3:51:17:b3:b7:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@@Maindllunit@Finalize
@@Maindllunit@Initialize
GetRegKeysForV3to5Info
___CPPdebugHook

Sections

Size: 206KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$EXEDIR/RegOrganizerPortable/Data/RegOrganizer.exe
.exe windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:2d:0c:fa:8c:2d:7c:ed:70:b3:79:a3:7e:e9:82:25:b4:c1:5d:6a:5b:5b:2b:33:ef:88:b8:e6:8d:6e:86:79
Signer

Actual PE Digest

49:2d:0c:fa:8c:2d:7c:ed:70:b3:79:a3:7e:e9:82:25:b4:c1:5d:6a:5b:5b:2b:33:ef:88:b8:e6:8d:6e:86:79

Digest Algorithm

sha256

PE Digest Matches

true

ba:3c:ce:4b:11:3f:9e:41:44:0c:bb:46:1e:5f:b1:ec:9e:29:a4:c4
Signer

Actual PE Digest

ba:3c:ce:4b:11:3f:9e:41:44:0c:bb:46:1e:5f:b1:ec:9e:29:a4:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$11TRegistryEx
@$xp$19TTabSheetWithButton
@$xp$22TPageControlWithButton
@@Aboutunit@Finalize
@@Aboutunit@Initialize
@@Addtofavoritesandcommentseditingunit@Finalize
@@Addtofavoritesandcommentseditingunit@Initialize
@@Applicationsuninstallergear@Finalize
@@Applicationsuninstallergear@Initialize
@@Applicationsuninstallerunit@Finalize
@@Applicationsuninstallerunit@Initialize
@@Apptracesfinder@Finalize
@@Apptracesfinder@Initialize
@@Automaticregistrycleanupresultsunit@Finalize
@@Automaticregistrycleanupresultsunit@Initialize
@@Automaticregistrycleanupunit@Finalize
@@Automaticregistrycleanupunit@Initialize
@@Bifactorialprogress@Finalize
@@Bifactorialprogress@Initialize
@@Binaryvalueunit@Finalize
@@Binaryvalueunit@Initialize
@@Browserscleanup@Finalize
@@Browserscleanup@Initialize
@@Buylinksunit@Finalize
@@Buylinksunit@Initialize
@@Changelognotationconventionsunit@Finalize
@@Changelognotationconventionsunit@Initialize
@@Changelogsviewerunit@Finalize
@@Changelogsviewerunit@Initialize
@@Changelogwizardunit@Finalize
@@Changelogwizardunit@Initialize
@@Checkforupdate@Finalize
@@Checkforupdate@Initialize
@@Comboboxwithimage@Finalize
@@Comboboxwithimage@Initialize
@@Complexfunctions@Finalize
@@Complexfunctions@Initialize
@@Crccalculation@Finalize
@@Crccalculation@Initialize
@@Createregistrysnapshotunit@Finalize
@@Createregistrysnapshotunit@Initialize
@@Debugstuff@Finalize
@@Debugstuff@Initialize
@@Didyouknowunit@Finalize
@@Didyouknowunit@Initialize
@@Digitalsignature@Finalize
@@Digitalsignature@Initialize
@@Diskcleanupframeunit@Finalize
@@Diskcleanupframeunit@Initialize
@@Diskcleanupgear@Finalize
@@Diskcleanupgear@Initialize
@@Diskcleanupresultsunit@Finalize
@@Diskcleanupresultsunit@Initialize
@@Draganddroparea@Finalize
@@Draganddroparea@Initialize
@@Entrychangingunit@Finalize
@@Entrychangingunit@Initialize
@@Findappbyshortcutunit@Finalize
@@Findappbyshortcutunit@Initialize
@@Gdishared@Finalize
@@Gdishared@Initialize
@@Getdocumentfromurlunit@Finalize
@@Getdocumentfromurlunit@Initialize
@@Getinstalledprogramversionsnew@Finalize
@@Getinstalledprogramversionsnew@Initialize
@@Helperfor64bits@Finalize
@@Helperfor64bits@Initialize
@@Highlighting@Finalize
@@Highlighting@Initialize
@@Ignorelistsfilemasks@Finalize
@@Ignorelistsfilemasks@Initialize
@@Integervalueunit@Finalize
@@Integervalueunit@Initialize
@@Isfilecannotberemovedunit@Finalize
@@Isfilecannotberemovedunit@Initialize
@@Keypropertiesunit@Finalize
@@Keypropertiesunit@Initialize
@@Keysecuritysuspendunit@Finalize
@@Keysecuritysuspendunit@Initialize
@@Mainunit@Finalize
@@Mainunit@Initialize
@@Mixedfunctions@Finalize
@@Mixedfunctions@Initialize
@@Multilanguagesupport@Finalize
@@Multilanguagesupport@Initialize
@@Multistringvalueunit@Finalize
@@Multistringvalueunit@Initialize
@@Nagscreenunit@Finalize
@@Nagscreenunit@Initialize
@@Newignorelistitemunit@Finalize
@@Newignorelistitemunit@Initialize
@@Newstartupitemunit@Finalize
@@Newstartupitemunit@Initialize
@@Newversionavailableunit@Finalize
@@Newversionavailableunit@Initialize
@@Pagecontrolwithbutton@Finalize
@@Pagecontrolwithbutton@Initialize
@@Parseandauxregistryunit@Finalize
@@Parseandauxregistryunit@Initialize
@@Portableversion@Finalize
@@Portableversion@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Recyclebinutils@Finalize
@@Recyclebinutils@Initialize
@@Regfuncwrapunit@Finalize
@@Regfuncwrapunit@Initialize
@@Registrationunit@Finalize
@@Registrationunit@Initialize
@@Registrycleanup@Finalize
@@Registrycleanup@Initialize
@@Registryfavorites@Finalize
@@Registryfavorites@Initialize
@@Registryfavoritesremoveunit@Finalize
@@Registryfavoritesremoveunit@Initialize
@@Registryfileunit@Finalize
@@Registryfileunit@Initialize
@@Registryoptimizationfunctions@Finalize
@@Registryoptimizationfunctions@Initialize
@@Registryoptimizationunit@Finalize
@@Registryoptimizationunit@Initialize
@@Registrysearchprofileunit@Finalize
@@Registrysearchprofileunit@Initialize
@@Registrysnapshotsunit@Finalize
@@Registrysnapshotsunit@Initialize
@@Removefilesfailsafeunit@Finalize
@@Removefilesfailsafeunit@Initialize
@@Retrievenewfilemenu@Finalize
@@Retrievenewfilemenu@Initialize
@@Retrieveopenwithmenu@Finalize
@@Retrieveopenwithmenu@Initialize
@@Revertchangelogresultunit@Finalize
@@Revertchangelogresultunit@Initialize
@@Searchmatchunit@Finalize
@@Searchmatchunit@Initialize
@@Setprivilegies@Finalize
@@Setprivilegies@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
@@Socialshareframeunit@Finalize
@@Socialshareframeunit@Initialize
@@Splashunit@Finalize
@@Splashunit@Initialize
@@Startupgear@Finalize
@@Startupgear@Initialize
@@Startupmanagerframeunit@Finalize
@@Startupmanagerframeunit@Initialize
@@Startupstatistics@Finalize
@@Startupstatistics@Initialize
@@Stringenteringunit@Finalize
@@Stringenteringunit@Initialize
@@Stringvalueunit@Finalize
@@Stringvalueunit@Initialize
@@Subscriptionexpiredunit@Finalize
@@Subscriptionexpiredunit@Initialize
@@Subscriptionreminderunit@Finalize
@@Subscriptionreminderunit@Initialize
@@Tagedatabaseunit@Finalize
@@Tagedatabaseunit@Initialize
@@Tweakschangestateunit@Finalize
@@Tweakschangestateunit@Initialize
@@Tweakscreatetweakunit@Finalize
@@Tweakscreatetweakunit@Initialize
@@Tweaksdocunit@Finalize
@@Tweaksdocunit@Initialize
@@Tweaksexportunit@Finalize
@@Tweaksexportunit@Initialize
@@Tweaksmanagementunit@Finalize
@@Tweaksmanagementunit@Initialize
@@Tweaksregistryvalueeditingunit@Finalize
@@Tweaksregistryvalueeditingunit@Initialize
@@Tweaksunit@Finalize
@@Tweaksunit@Initialize
@@Undoingchangescenterunit@Finalize
@@Undoingchangescenterunit@Initialize
@@Uninstallapplicationunit@Finalize
@@Uninstallapplicationunit@Initialize
@@Unit27@Finalize
@@Unit27@Initialize
@@Unit30@Finalize
@@Unit30@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit43@Finalize
@@Unit43@Initialize
@@Visualelements@Finalize
@@Visualelements@Initialize
@TPageControlWithButton@
@TPageControlWithButton@$bctr$qqrp25System@Classes@TComponent
@TPageControlWithButton@Change$qqrv
@TPageControlWithButton@CloseTabImagesChanged$qv
@TPageControlWithButton@Dispatch$qqrpv
@TPageControlWithButton@DrawTab$qqrirx18System@Types@TRecto
@TPageControlWithButton@GetActivePageIndexNew$qqrv
@TPageControlWithButton@GetActivePageNew$qqrv
@TPageControlWithButton@GetCloseTabButtonImageIndex$q43TPageControlWithButton@TCloseTabButtonImage
@TPageControlWithButton@GetPageNew$qqri
@TPageControlWithButton@IsNeedDrawCloseButton$qv
@TPageControlWithButton@IsThemed$qv
@TPageControlWithButton@OnCloseTab$qqrpv
@TPageControlWithButton@OnLButtonDown$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnLButtonUp$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnMouseLeave$qqrr24Winapi@Messages@TMessage
@TPageControlWithButton@OnMouseMove$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnShowingChanged$qqrr24Winapi@Messages@TMessage
@TPageControlWithButton@SetActivePageIndexNew$qqrxi
@TPageControlWithButton@SetActivePageNew$qqrp19TTabSheetWithButton
@TPageControlWithButton@SetCloseTabHotImageIndex$qqri
@TPageControlWithButton@SetCloseTabImageList$qqrp23Vcl@Controls@TImageList
@TPageControlWithButton@SetCloseTabImages$qp26TPageControlCloseTabImages
@TPageControlWithButton@SetCloseTabNormalImageIndex$qqri
@TPageControlWithButton@SetCloseTabPressedImageIndex$qqri
@TPageControlWithButton@UpdateActivePage$qqrv
@TPageControlWithButton@UpdateCloseTabButtonImage$q43TPageControlWithButton@TCloseTabButtonImage
@TPageControlWithButton@UpdateCloseTabButtonImage$qii
@TPageControlWithButton@UpdateTabCaptionBlanks$qv
@TPageControlWithButton@UpdateTabCaptions$qv
@TPageControlWithButton@UpdateTabSheetCaptions$qv
@TRegistryEx@
@TRegistryEx@$bctr$qqrui
@TRegistryEx@$bctr$qqrv
@TRegistryEx@$bdtr$qqrv
@TRegistryEx@ChangeKey$qqr6HKEY64x20System@UnicodeString
@TRegistryEx@CloseKey$qqrv
@TRegistryEx@CreateKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteValue$qqrx20System@UnicodeString
@TRegistryEx@GetBaseKey$qqro
@TRegistryEx@GetData$qqrx20System@UnicodeStringpvir32System@Win@Registry@TRegDataType
@TRegistryEx@GetDataInfo$qqrx20System@UnicodeStringr32System@Win@Registry@TRegDataInfo
@TRegistryEx@GetDataSize$qqrx20System@UnicodeString
@TRegistryEx@GetDataType$qqrx20System@UnicodeString
@TRegistryEx@GetKey$qqrx20System@UnicodeString
@TRegistryEx@GetKeyInfo$qqrr31System@Win@Registry@TRegKeyInfo
@TRegistryEx@GetKeyNames$qqrp23System@Classes@TStrings
@TRegistryEx@GetValueNames$qqrp23System@Classes@TStrings
@TRegistryEx@HasSubKeys$qqrv
@TRegistryEx@IsRelative$qrx20System@UnicodeString
@TRegistryEx@KeyExists$qqrx20System@UnicodeString
@TRegistryEx@MaybeOpenKey$q20System@UnicodeStringoul
@TRegistryEx@OpenKey$qqrx20System@UnicodeStringo
@TRegistryEx@OpenKeyReadOnly$qqrx20System@UnicodeString
@TRegistryEx@PutData$qqrx20System@UnicodeStringpvi32System@Win@Registry@TRegDataType
@TRegistryEx@ReadBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@ReadBool$qqrx20System@UnicodeString
@TRegistryEx@ReadDate$qqrx20System@UnicodeString
@TRegistryEx@ReadDateTime$qqrx20System@UnicodeString
@TRegistryEx@ReadFloat$qqrx20System@UnicodeString
@TRegistryEx@ReadInteger$qqrx20System@UnicodeString
@TRegistryEx@ReadString$qqrx20System@UnicodeString
@TRegistryEx@RenameValue$qqrx20System@UnicodeStringt1
@TRegistryEx@SetCurrentKey$qqr6HKEY64
@TRegistryEx@SetRootKey$qqr6HKEY64
@TRegistryEx@ValueExists$qqrx20System@UnicodeString
@TRegistryEx@WriteBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@WriteBool$qqrx20System@UnicodeStringo
@TRegistryEx@WriteDate$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteDateTime$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteExpandString$qqrx20System@UnicodeStringt1
@TRegistryEx@WriteFloat$qqrx20System@UnicodeStringd
@TRegistryEx@WriteInteger$qqrx20System@UnicodeStringi
@TRegistryEx@WriteString$qqrx20System@UnicodeStringt1
@TTabSheetWithButton@
@TTabSheetWithButton@$bctr$qqrp25System@Classes@TComponent
@TTabSheetWithButton@GetPageControl$qqrv
@TTabSheetWithButton@GetTextNew$qqrv
@TTabSheetWithButton@IsCloseButton$xqv
@TTabSheetWithButton@SetCloseButton$qqro
@TTabSheetWithButton@SetPageControl$qqrp22TPageControlWithButton
@TTabSheetWithButton@SetTextNew$qqrx20System@UnicodeString
@TTabSheetWithButton@UpdateCaption$qv
TMethodImplementationIntercept
_AboutForm
_AddToFavoritesAndCommentsEditingForm
_ApplicationsUninstallerForm
_AutomaticRegistryCleanupForm
_AutomaticRegistryCleanupResultsForm
_BinaryValueForm
_ChangeLogNotationConventionsForm
_ChangeLogWizardForm
_ChangeLogsViewerForm
_CreateRegistrySnapshotForm
_DidYouKnowForm
_DiskCleanupFrame
_DiskCleanupGearModule
_DiskCleanupResultsForm
_EntryChangingForm
_FindAppByShortcutDataModule
_Form27
_Form3
_Form30
_Form43
_IntegerValueForm
_KeyPropertiesForm
_MainForm
_MixedFunctionsDataModule
_MultiLanguageSupportForm
_MultiStringValueForm
_NagScreenForm
_NewIgnoreListItemForm
_NewStartupItemForm
_NewVersionAvailableForm
_RegistrationForm
_RegistryFavoritesRemoveForm
_RegistryOptimizationForm
_RegistrySearchProfileForm
_RegistrySnapshotsForm
_RevertChangeLogResultForm
_SearchMatchForm
_SocialShareFrame
_SplashForm
_StartupManagerFrame
_StringEnteringForm
_StringValueForm
_SubscriptionExpiredForm
_SubscriptionReminderForm
_TweaksChangeStateForm
_TweaksCreateTweakForm
_TweaksDocDataModule
_TweaksExportForm
_TweaksForm
_TweaksManagementForm
_TweaksRegistryValueEditingForm
_UndoingChangesCenterForm
_UninstallApplicationForm
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

Size: 3.7MB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 318KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 320KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$EXEDIR/RegOrganizerPortable/Data/RegOrganizerAgent.exe
.exe windows:4 windows x86 arch:x86

a1142cca2643d4e6a2c6db95ec34dfff

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d0:53:03:8e:4e:6b:d1:d1:d6:e7:51:22:25:c2:87:2f:1f:0e:c1:2c:38:b2:0f:fa:26:71:ec:d3:43:aa:c4:f2
Signer

Actual PE Digest

d0:53:03:8e:4e:6b:d1:d1:d6:e7:51:22:25:c2:87:2f:1f:0e:c1:2c:38:b2:0f:fa:26:71:ec:d3:43:aa:c4:f2

Digest Algorithm

sha256

PE Digest Matches

true

69:09:23:0f:32:02:13:ba:98:39:c7:af:ce:81:4f:48:49:1e:a7:ee
Signer

Actual PE Digest

69:09:23:0f:32:02:13:ba:98:39:c7:af:ce:81:4f:48:49:1e:a7:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenProcess
QueryDosDeviceW
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AppendMenuW
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcA
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageA
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconA
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

GetProcessImageFileNameW

Exports

Exports

@@Installertracingagentshared@Finalize
@@Installertracingagentshared@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 677KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 412KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/StartupCheckingHelper.exe
.exe windows:4 windows x86 arch:x86

98612cffa3482e64608a9b2e01d1a871

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e1:9a:cb:14:2f:47:dc:28:0f:8a:97:38:47:fd:11:a7:dc:29:33:c2:d8:3a:b6:ba:60:4a:86:07:6e:be:88:17
Signer

Actual PE Digest

e1:9a:cb:14:2f:47:dc:28:0f:8a:97:38:47:fd:11:a7:dc:29:33:c2:d8:3a:b6:ba:60:4a:86:07:6e:be:88:17

Digest Algorithm

sha256

PE Digest Matches

true

a5:cd:64:9e:6c:46:71:fb:c2:07:5f:88:19:c2:eb:ab:89:f1:95:fc
Signer

Actual PE Digest

a5:cd:64:9e:6c:46:71:fb:c2:07:5f:88:19:c2:eb:ab:89:f1:95:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
DeleteService
EnumServicesStatusW
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
QueryServiceConfigW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushViewOfFile
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenFileMappingW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW

netapi32

NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
GetSystemMenu

winmm

timeBeginPeriod

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

@$xp$11TRegistryEx
@@Complexfunctions@Finalize
@@Complexfunctions@Initialize
@@Debugstuff@Finalize
@@Debugstuff@Initialize
@@Log@Finalize
@@Log@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Regfuncwrapunit@Finalize
@@Regfuncwrapunit@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
@@Startupgear@Finalize
@@Startupgear@Initialize
@TRegistryEx@
@TRegistryEx@$bctr$qqrui
@TRegistryEx@$bctr$qqrv
@TRegistryEx@$bdtr$qqrv
@TRegistryEx@ChangeKey$qqr6HKEY64x20System@UnicodeString
@TRegistryEx@CloseKey$qqrv
@TRegistryEx@CreateKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteValue$qqrx20System@UnicodeString
@TRegistryEx@GetBaseKey$qqro
@TRegistryEx@GetData$qqrx20System@UnicodeStringpvir32System@Win@Registry@TRegDataType
@TRegistryEx@GetDataInfo$qqrx20System@UnicodeStringr32System@Win@Registry@TRegDataInfo
@TRegistryEx@GetDataSize$qqrx20System@UnicodeString
@TRegistryEx@GetDataType$qqrx20System@UnicodeString
@TRegistryEx@GetKey$qqrx20System@UnicodeString
@TRegistryEx@GetKeyInfo$qqrr31System@Win@Registry@TRegKeyInfo
@TRegistryEx@GetKeyNames$qqrp23System@Classes@TStrings
@TRegistryEx@GetValueNames$qqrp23System@Classes@TStrings
@TRegistryEx@HasSubKeys$qqrv
@TRegistryEx@IsRelative$qrx20System@UnicodeString
@TRegistryEx@KeyExists$qqrx20System@UnicodeString
@TRegistryEx@MaybeOpenKey$q20System@UnicodeStringoul
@TRegistryEx@OpenKey$qqrx20System@UnicodeStringo
@TRegistryEx@OpenKeyReadOnly$qqrx20System@UnicodeString
@TRegistryEx@PutData$qqrx20System@UnicodeStringpvi32System@Win@Registry@TRegDataType
@TRegistryEx@ReadBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@ReadBool$qqrx20System@UnicodeString
@TRegistryEx@ReadDate$qqrx20System@UnicodeString
@TRegistryEx@ReadDateTime$qqrx20System@UnicodeString
@TRegistryEx@ReadFloat$qqrx20System@UnicodeString
@TRegistryEx@ReadInteger$qqrx20System@UnicodeString
@TRegistryEx@ReadString$qqrx20System@UnicodeString
@TRegistryEx@RenameValue$qqrx20System@UnicodeStringt1
@TRegistryEx@SetCurrentKey$qqr6HKEY64
@TRegistryEx@SetRootKey$qqr6HKEY64
@TRegistryEx@ValueExists$qqrx20System@UnicodeString
@TRegistryEx@WriteBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@WriteBool$qqrx20System@UnicodeStringo
@TRegistryEx@WriteDate$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteDateTime$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteExpandString$qqrx20System@UnicodeStringt1
@TRegistryEx@WriteFloat$qqrx20System@UnicodeStringd
@TRegistryEx@WriteInteger$qqrx20System@UnicodeStringi
@TRegistryEx@WriteString$qqrx20System@UnicodeStringt1
TMethodImplementationIntercept
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 193KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/StartupCheckingService.exe
.exe windows:4 windows x86 arch:x86

abe26ceb2399e13eadccab292ca28891

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fb:23:67:58:b7:63:82:3d:3f:4f:ed:45:c7:07:c1:0c:72:f7:17:aa:ec:f2:9d:07:21:3e:78:f8:a8:30:86:6f
Signer

Actual PE Digest

fb:23:67:58:b7:63:82:3d:3f:4f:ed:45:c7:07:c1:0c:72:f7:17:aa:ec:f2:9d:07:21:3e:78:f8:a8:30:86:6f

Digest Algorithm

sha256

PE Digest Matches

true

1f:09:d5:cd:4a:80:05:90:20:1d:64:a1:f2:1f:61:6c:10:f8:1a:f5
Signer

Actual PE Digest

1f:09:d5:cd:4a:80:05:90:20:1d:64:a1:f2:1f:61:6c:10:f8:1a:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateProcessWithTokenW
CreateServiceW
DeleteService
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatusEx
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW

netapi32

NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
GetSystemMenu

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile

Exports

Exports

@@Log@Finalize
@@Log@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
TMethodImplementationIntercept
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 318KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/UndoingChangesCenterUnit.const
$EXEDIR/RegOrganizerPortable/Data/WhatsNew-Russian.txt
$EXEDIR/RegOrganizerPortable/Data/WhatsNew.txt
$EXEDIR/RegOrganizerPortable/Data/WinRTApps.dll
.dll windows:6 windows x86 arch:x86

cac4b05c8ebbda33af7039e8c3082162

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f9:38:a5:5a:24:ac:bc:04:d7:b3:83:fa:c5:5c:a4:71:0c:e7:28:66:2d:9d:7b:c5:90:71:84:b1:37:17:c9:84
Signer

Actual PE Digest

f9:38:a5:5a:24:ac:bc:04:d7:b3:83:fa:c5:5c:a4:71:0c:e7:28:66:2d:9d:7b:c5:90:71:84:b1:37:17:c9:84

Digest Algorithm

sha256

PE Digest Matches

true

39:8c:93:3b:7d:6d:86:74:04:38:8b:b2:39:ea:0f:93:a8:a2:39:fe
Signer

Actual PE Digest

39:8c:93:3b:7d:6d:86:74:04:38:8b:b2:39:ea:0f:93:a8:a2:39:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\music\tmp\w1\FullUninstall\.Related\WinRTApps.dll\Output\WinRTApps.pdb

Imports

kernel32

GetProcAddress
GetLocaleInfoEx
ResolveLocaleName
FindFirstFileW
FindClose
FindNextFileW
RaiseException
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
HeapReAlloc
GetOEMCP
IsValidCodePage
GetACP
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
GetCommandLineA
GetCurrentThreadId
RtlUnwind
HeapAlloc
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree
CoCreateInstance

shlwapi

ord487
SHCreateStreamOnFileEx

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoInitialize

Exports

Exports

GetWinRTAppsApi

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/RegOrganizerPortable/Data/links.xml
.xml
$EXEDIR/RegOrganizerPortable/Data/regkey.ini
$EXEDIR/RegOrganizerPortable/Data/tweaks.bkp.xml
.xml
$EXEDIR/RegOrganizerPortable/Data/updaterdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

@@Updatershared@Finalize
@@Updatershared@Initialize
DownlodFileFromTheInternet
___CPPdebugHook

Sections

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$EXEDIR/RegOrganizerPortable/Reg64Call.exe
.exe windows:5 windows x64 arch:x64

aa785f714858af1f24eaea80606da5d6

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c5:52:97:cd:13:8b:73:b1:72:3e:ac:f4:12:a2:66:17:38:ec:14:5a:aa:19:25:c6:2f:b3:dc:7d:77:1e:22:db
Signer

Actual PE Digest

c5:52:97:cd:13:8b:73:b1:72:3e:ac:f4:12:a2:66:17:38:ec:14:5a:aa:19:25:c6:2f:b3:dc:7d:77:1e:22:db

Digest Algorithm

sha256

PE Digest Matches

true

38:e5:c0:0d:3a:04:a1:98:c3:1c:cd:ea:1c:85:c4:a1:8a:77:4f:7f
Signer

Actual PE Digest

38:e5:c0:0d:3a:04:a1:98:c3:1c:cd:ea:1c:85:c4:a1:8a:77:4f:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\work\RegistryProjects\WorkWithRegFiles\Reg64Call\x64\Release\Reg64Call.pdb

Imports

kernel32

GetCurrentThread
LoadLibraryW
GetCurrentProcess
GetProcAddress
FreeLibrary
GetCommandLineW
SwitchToThread
GetCurrentProcessId
GetModuleFileNameW
GetExitCodeProcess
Sleep
OpenProcess
GetTickCount
CloseHandle
OpenFileMappingW
CreateFileMappingW
CreateFileW
FlushViewOfFile
VirtualQuery
UnmapViewOfFile
SetThreadPriority
MapViewOfFile
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoW
RaiseException
RtlPcToFileHeader
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSize
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
FlushFileBuffers

advapi32

RegCloseKey
AdjustTokenPrivileges
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
RegEnumValueW
RegSaveKeyExW
RegDeleteValueW
LookupPrivilegeValueW
RegSaveKeyW
RegDeleteKeyW
RegReplaceKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegRestoreKeyW
OpenProcessToken
RegSetValueExW

shell32

CommandLineToArgvW

winmm

timeBeginPeriod

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppUninstIgnore.bkp.xml
CloseApplication.dll
.dll windows:4 windows x86 arch:x86

752c0bf2e02537842b0a8b5a66c7851c

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:aa:1a:38:88:22:12:a7:3c:2d:de:09:04:4e:48:24:b3:b7:89:bb:a2:27:d2:ca:28:4f:29:ba:c0:54:d0:c7
Signer

Actual PE Digest

33:aa:1a:38:88:22:12:a7:3c:2d:de:09:04:4e:48:24:b3:b7:89:bb:a2:27:d2:ca:28:4f:29:ba:c0:54:d0:c7

Digest Algorithm

sha256

PE Digest Matches

true

73:ff:44:1d:67:f1:7d:8b:49:78:2c:e2:80:28:de:81:1b:b0:51:e8
Signer

Actual PE Digest

73:ff:44:1d:67:f1:7d:8b:49:78:2c:e2:80:28:de:81:1b:b0:51:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenEventW
OpenProcess
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA

ole32

CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

Exports

Exports

CloseApplication
IsApplicationExecuted
___CPPdebugHook

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/AppUninstIgnore.bkp.xml
Data/CloseApplication.dll
.dll windows:4 windows x86 arch:x86

752c0bf2e02537842b0a8b5a66c7851c

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:aa:1a:38:88:22:12:a7:3c:2d:de:09:04:4e:48:24:b3:b7:89:bb:a2:27:d2:ca:28:4f:29:ba:c0:54:d0:c7
Signer

Actual PE Digest

33:aa:1a:38:88:22:12:a7:3c:2d:de:09:04:4e:48:24:b3:b7:89:bb:a2:27:d2:ca:28:4f:29:ba:c0:54:d0:c7

Digest Algorithm

sha256

PE Digest Matches

true

73:ff:44:1d:67:f1:7d:8b:49:78:2c:e2:80:28:de:81:1b:b0:51:e8
Signer

Actual PE Digest

73:ff:44:1d:67:f1:7d:8b:49:78:2c:e2:80:28:de:81:1b:b0:51:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenEventW
OpenProcess
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA

ole32

CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

Exports

Exports

CloseApplication
IsApplicationExecuted
___CPPdebugHook

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/Documentation/English/Documentation.chm
.chm
Data/Documentation/Russian/Documentation.chm
.chm
Data/HardwareConstant.dll
.dll windows:5 windows x86 arch:x86

abcf51cc9ff3a4143d084b02d70ceb69

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

32:8a:11:fc:58:09:6a:a6:32:ee:4d:a8:02:27:ed:b4:bd:34:94:16:5c:af:65:95:64:1b:0c:b3:a0:d7:f1:5e
Signer

Actual PE Digest

32:8a:11:fc:58:09:6a:a6:32:ee:4d:a8:02:27:ed:b4:bd:34:94:16:5c:af:65:95:64:1b:0c:b3:a0:d7:f1:5e

Digest Algorithm

sha256

PE Digest Matches

true

5d:90:5d:59:e8:93:6e:7b:b6:41:fc:d5:8c:11:06:8b:35:c1:38:fe
Signer

Actual PE Digest

5d:90:5d:59:e8:93:6e:7b:b6:41:fc:d5:8c:11:06:8b:35:c1:38:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\work\HardwareID\Release\HardwareConstant.pdb

Imports

kernel32

DeviceIoControl
GetVolumePathNameW
MultiByteToWideChar
GetLastError
CloseHandle
CreateFileW
WriteConsoleW
FormatMessageW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapReAlloc
SetStdHandle

user32

wsprintfW

advapi32

CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash

shell32

SHGetSpecialFolderPathW

Exports

Exports

GetHardwareConstant
GetHardwareInfo
HardwareConstantUnitTest

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/HelperFor64Bits.exe
.exe windows:5 windows x64 arch:x64

4201638a3137bdf5091beba1ceceec76

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:4f:fc:65:79:97:59:56:f0:a5:11:c2:b8:9a:ce:5c:82:79:93:6c:23:53:84:b9:3e:a5:b3:cf:76:a4:d6:02
Signer

Actual PE Digest

71:4f:fc:65:79:97:59:56:f0:a5:11:c2:b8:9a:ce:5c:82:79:93:6c:23:53:84:b9:3e:a5:b3:cf:76:a4:d6:02

Digest Algorithm

sha256

PE Digest Matches

true

c7:72:e9:0b:60:17:89:88:94:2d:96:be:1f:82:a0:45:77:10:24:fc
Signer

Actual PE Digest

c7:72:e9:0b:60:17:89:88:94:2d:96:be:1f:82:a0:45:77:10:24:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetTokenInformation
GetUserNameW
IsValidSecurityDescriptor
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
SetNamedSecurityInfoW

kernel32

AddVectoredExceptionHandler
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FlushViewOfFile
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW
RtlRestoreContext
RtlUnwindEx

netapi32

NetApiBufferFree
NetUserGetInfo
NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
GetDefaultPrinterW
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AddFontMemResourceEx
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

CommandLineToArgvW
ExtractAssociatedIconW
ExtractIconW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
ExitWindowsEx
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringA
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
mouse_event
GetClassLongPtrW
GetWindowLongPtrW
SetClassLongPtrW
SetWindowLongPtrW
wsprintfA

winmm

timeBeginPeriod

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetActiveObject
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetQueryOptionW

shlwapi

StrCmpLogicalW

Exports

Exports

_ZTR20TCloseProgramWaiting
_ZTRN11debug_stuff8internal12TIdleHandlerE
_ZTRN15RegistryTracing10TRegNotify5TImplE
_ZTRN15RegistryTracing17TRegSnapShotAsync5TImplE
_ZTRN15RegistryTracing20TProgressObservation5TImplE
_ZTRN15RegistryTracing22TSeparateThreadCapture5TImplE
__CPPdebugHook

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 298KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/IgnoreDiskCleaner.bkp.xml
Data/IgnoreRegCleaner.bkp.xml
Data/InstallerTracingAgent.dll
.dll windows:4 windows x86 arch:x86

a0eb8587af0f242e7f235f5d2a73f1e5

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:c2:44:64:ff:c5:93:59:a5:1c:99:9b:84:34:fd:83:0b:6f:1e:86:43:85:ee:b7:4f:f7:1d:01:a6:b1:a6:c6
Signer

Actual PE Digest

1d:c2:44:64:ff:c5:93:59:a5:1c:99:9b:84:34:fd:83:0b:6f:1e:86:43:85:ee:b7:4f:f7:1d:01:a6:b1:a6:c6

Digest Algorithm

sha256

PE Digest Matches

true

aa:c0:f6:ab:a4:ee:2d:62:91:6c:32:df:9b:e3:20:c2:e0:25:80:6a
Signer

Actual PE Digest

aa:c0:f6:ab:a4:ee:2d:62:91:6c:32:df:9b:e3:20:c2:e0:25:80:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenMutexW
OpenProcess
QueryDosDeviceW
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW
ShellExecuteW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

GetProcessImageFileNameW

Exports

Exports

@@Installertracingagentshared@Finalize
@@Installertracingagentshared@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
DisableInstallerTracingAgent
EnableInstallerTracingAgentEx
FreeAgentSettingsStructure
GetInstallerTracingAgentSettings
IsInstallerTracingAgentEnabled
IsInstallerTracingAgentWorking
LoadInstallerTracingAgent
SetInstallerTracingAgentSettings
UnloadInstallerTracingAgent
___CPPdebugHook

Sections

.text
Size: 646KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/Languages/French-7.16.sib
Data/Languages/Korean-7.16.sib.sib
Data/Languages/Portuguese(pt-BR)-7.16.sib
Data/Languages/Portuguese(pt-PT)-7.16.sib
Data/Languages/Ukrainian.sib
Data/Languages/russian.sib
Data/OptimizationAnimation.avi
Data/ProgramDataStorage.const
Data/QuickRegEditorLaunch.dll
.dll windows:4 windows x86 arch:x86

7405a696a67b74e0c3f208639b333285

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a0:90:c3:6b:ae:46:3f:30:0f:04:6a:55:3e:cb:7b:76:12:20:06:0e:b0:25:94:c6:d8:05:3a:71:a5:75:cf:e0
Signer

Actual PE Digest

a0:90:c3:6b:ae:46:3f:30:0f:04:6a:55:3e:cb:7b:76:12:20:06:0e:b0:25:94:c6:d8:05:3a:71:a5:75:cf:e0

Digest Algorithm

sha256

PE Digest Matches

true

2d:38:d5:c1:db:1a:53:3d:eb:6f:4b:76:31:21:59:96:c3:aa:0f:78
Signer

Actual PE Digest

2d:38:d5:c1:db:1a:53:3d:eb:6f:4b:76:31:21:59:96:c3:aa:0f:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

shlwapi

PathCanonicalizeW

Exports

Exports

@@Maindllunit@Finalize
@@Maindllunit@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
DisableRegEditorQuickLaunch
EnableRegEditorQuickLaunchEx
GetRegEditorQuickLaunchInfo
___CPPdebugHook

Sections

.text
Size: 540KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/Readme-Russian.txt
Data/Readme.txt
Data/Reg64Call.exe
.exe windows:6 windows x64 arch:x64

55413c38d437f9a627fb69cf8e51fda8

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0f:b8:ca:69:18:d4:27:16:02:77:fc:54:6a:82:3a:11:61:9b:4c:01:aa:c8:6c:46:11:db:bf:e5:cb:d1:e3:9e
Signer

Actual PE Digest

0f:b8:ca:69:18:d4:27:16:02:77:fc:54:6a:82:3a:11:61:9b:4c:01:aa:c8:6c:46:11:db:bf:e5:cb:d1:e3:9e

Digest Algorithm

sha256

PE Digest Matches

true

7d:ad:30:87:4d:e3:59:d5:4e:6f:18:db:44:b8:7a:1a:00:f0:20:6c
Signer

Actual PE Digest

7d:ad:30:87:4d:e3:59:d5:4e:6f:18:db:44:b8:7a:1a:00:f0:20:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

\\VBOXSVR\music\tmp\w1\RegistryProjects\WorkWithRegFiles\Reg64Call\x64\Release\Reg64Call.pdb

Imports

kernel32

GetCurrentThread
LoadLibraryW
FreeLibrary
GetProcAddress
GetCommandLineW
SwitchToThread
GetCurrentProcessId
GetLastError
GetModuleFileNameW
GetExitCodeProcess
Sleep
OpenProcess
GetTickCount
GetCurrentProcess
CloseHandle
OpenFileMappingW
CreateFileMappingW
CreateFileW
FlushViewOfFile
VirtualQuery
UnmapViewOfFile
SetThreadPriority
MapViewOfFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
LoadLibraryExW
GetConsoleCP
GetConsoleMode

advapi32

RegCloseKey
AdjustTokenPrivileges
RegEnumKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumValueW
RegSaveKeyExW
RegDeleteValueW
LookupPrivilegeValueW
RegSaveKeyW
RegDeleteKeyW
RegReplaceKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryMultipleValuesW
RegRestoreKeyW
OpenProcessToken
RegSetValueExW

shell32

CommandLineToArgvW

winmm

timeBeginPeriod

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/RegKeysV3to5.dll
.dll windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:db:46:91:48:61:d7:2d:72:e0:f7:09:36:0c:bd:ed:01:9b:01:4d:d6:0e:e4:15:b4:c8:91:e1:66:ea:7b:50
Signer

Actual PE Digest

4a:db:46:91:48:61:d7:2d:72:e0:f7:09:36:0c:bd:ed:01:9b:01:4d:d6:0e:e4:15:b4:c8:91:e1:66:ea:7b:50

Digest Algorithm

sha256

PE Digest Matches

true

3f:85:95:82:ad:4c:b2:16:14:58:22:c8:90:83:b3:51:17:b3:b7:49
Signer

Actual PE Digest

3f:85:95:82:ad:4c:b2:16:14:58:22:c8:90:83:b3:51:17:b3:b7:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@@Maindllunit@Finalize
@@Maindllunit@Initialize
GetRegKeysForV3to5Info
___CPPdebugHook

Sections

Size: 206KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Data/RegOrganizer.exe
.exe windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:2d:0c:fa:8c:2d:7c:ed:70:b3:79:a3:7e:e9:82:25:b4:c1:5d:6a:5b:5b:2b:33:ef:88:b8:e6:8d:6e:86:79
Signer

Actual PE Digest

49:2d:0c:fa:8c:2d:7c:ed:70:b3:79:a3:7e:e9:82:25:b4:c1:5d:6a:5b:5b:2b:33:ef:88:b8:e6:8d:6e:86:79

Digest Algorithm

sha256

PE Digest Matches

true

ba:3c:ce:4b:11:3f:9e:41:44:0c:bb:46:1e:5f:b1:ec:9e:29:a4:c4
Signer

Actual PE Digest

ba:3c:ce:4b:11:3f:9e:41:44:0c:bb:46:1e:5f:b1:ec:9e:29:a4:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$11TRegistryEx
@$xp$19TTabSheetWithButton
@$xp$22TPageControlWithButton
@@Aboutunit@Finalize
@@Aboutunit@Initialize
@@Addtofavoritesandcommentseditingunit@Finalize
@@Addtofavoritesandcommentseditingunit@Initialize
@@Applicationsuninstallergear@Finalize
@@Applicationsuninstallergear@Initialize
@@Applicationsuninstallerunit@Finalize
@@Applicationsuninstallerunit@Initialize
@@Apptracesfinder@Finalize
@@Apptracesfinder@Initialize
@@Automaticregistrycleanupresultsunit@Finalize
@@Automaticregistrycleanupresultsunit@Initialize
@@Automaticregistrycleanupunit@Finalize
@@Automaticregistrycleanupunit@Initialize
@@Bifactorialprogress@Finalize
@@Bifactorialprogress@Initialize
@@Binaryvalueunit@Finalize
@@Binaryvalueunit@Initialize
@@Browserscleanup@Finalize
@@Browserscleanup@Initialize
@@Buylinksunit@Finalize
@@Buylinksunit@Initialize
@@Changelognotationconventionsunit@Finalize
@@Changelognotationconventionsunit@Initialize
@@Changelogsviewerunit@Finalize
@@Changelogsviewerunit@Initialize
@@Changelogwizardunit@Finalize
@@Changelogwizardunit@Initialize
@@Checkforupdate@Finalize
@@Checkforupdate@Initialize
@@Comboboxwithimage@Finalize
@@Comboboxwithimage@Initialize
@@Complexfunctions@Finalize
@@Complexfunctions@Initialize
@@Crccalculation@Finalize
@@Crccalculation@Initialize
@@Createregistrysnapshotunit@Finalize
@@Createregistrysnapshotunit@Initialize
@@Debugstuff@Finalize
@@Debugstuff@Initialize
@@Didyouknowunit@Finalize
@@Didyouknowunit@Initialize
@@Digitalsignature@Finalize
@@Digitalsignature@Initialize
@@Diskcleanupframeunit@Finalize
@@Diskcleanupframeunit@Initialize
@@Diskcleanupgear@Finalize
@@Diskcleanupgear@Initialize
@@Diskcleanupresultsunit@Finalize
@@Diskcleanupresultsunit@Initialize
@@Draganddroparea@Finalize
@@Draganddroparea@Initialize
@@Entrychangingunit@Finalize
@@Entrychangingunit@Initialize
@@Findappbyshortcutunit@Finalize
@@Findappbyshortcutunit@Initialize
@@Gdishared@Finalize
@@Gdishared@Initialize
@@Getdocumentfromurlunit@Finalize
@@Getdocumentfromurlunit@Initialize
@@Getinstalledprogramversionsnew@Finalize
@@Getinstalledprogramversionsnew@Initialize
@@Helperfor64bits@Finalize
@@Helperfor64bits@Initialize
@@Highlighting@Finalize
@@Highlighting@Initialize
@@Ignorelistsfilemasks@Finalize
@@Ignorelistsfilemasks@Initialize
@@Integervalueunit@Finalize
@@Integervalueunit@Initialize
@@Isfilecannotberemovedunit@Finalize
@@Isfilecannotberemovedunit@Initialize
@@Keypropertiesunit@Finalize
@@Keypropertiesunit@Initialize
@@Keysecuritysuspendunit@Finalize
@@Keysecuritysuspendunit@Initialize
@@Mainunit@Finalize
@@Mainunit@Initialize
@@Mixedfunctions@Finalize
@@Mixedfunctions@Initialize
@@Multilanguagesupport@Finalize
@@Multilanguagesupport@Initialize
@@Multistringvalueunit@Finalize
@@Multistringvalueunit@Initialize
@@Nagscreenunit@Finalize
@@Nagscreenunit@Initialize
@@Newignorelistitemunit@Finalize
@@Newignorelistitemunit@Initialize
@@Newstartupitemunit@Finalize
@@Newstartupitemunit@Initialize
@@Newversionavailableunit@Finalize
@@Newversionavailableunit@Initialize
@@Pagecontrolwithbutton@Finalize
@@Pagecontrolwithbutton@Initialize
@@Parseandauxregistryunit@Finalize
@@Parseandauxregistryunit@Initialize
@@Portableversion@Finalize
@@Portableversion@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Recyclebinutils@Finalize
@@Recyclebinutils@Initialize
@@Regfuncwrapunit@Finalize
@@Regfuncwrapunit@Initialize
@@Registrationunit@Finalize
@@Registrationunit@Initialize
@@Registrycleanup@Finalize
@@Registrycleanup@Initialize
@@Registryfavorites@Finalize
@@Registryfavorites@Initialize
@@Registryfavoritesremoveunit@Finalize
@@Registryfavoritesremoveunit@Initialize
@@Registryfileunit@Finalize
@@Registryfileunit@Initialize
@@Registryoptimizationfunctions@Finalize
@@Registryoptimizationfunctions@Initialize
@@Registryoptimizationunit@Finalize
@@Registryoptimizationunit@Initialize
@@Registrysearchprofileunit@Finalize
@@Registrysearchprofileunit@Initialize
@@Registrysnapshotsunit@Finalize
@@Registrysnapshotsunit@Initialize
@@Removefilesfailsafeunit@Finalize
@@Removefilesfailsafeunit@Initialize
@@Retrievenewfilemenu@Finalize
@@Retrievenewfilemenu@Initialize
@@Retrieveopenwithmenu@Finalize
@@Retrieveopenwithmenu@Initialize
@@Revertchangelogresultunit@Finalize
@@Revertchangelogresultunit@Initialize
@@Searchmatchunit@Finalize
@@Searchmatchunit@Initialize
@@Setprivilegies@Finalize
@@Setprivilegies@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
@@Socialshareframeunit@Finalize
@@Socialshareframeunit@Initialize
@@Splashunit@Finalize
@@Splashunit@Initialize
@@Startupgear@Finalize
@@Startupgear@Initialize
@@Startupmanagerframeunit@Finalize
@@Startupmanagerframeunit@Initialize
@@Startupstatistics@Finalize
@@Startupstatistics@Initialize
@@Stringenteringunit@Finalize
@@Stringenteringunit@Initialize
@@Stringvalueunit@Finalize
@@Stringvalueunit@Initialize
@@Subscriptionexpiredunit@Finalize
@@Subscriptionexpiredunit@Initialize
@@Subscriptionreminderunit@Finalize
@@Subscriptionreminderunit@Initialize
@@Tagedatabaseunit@Finalize
@@Tagedatabaseunit@Initialize
@@Tweakschangestateunit@Finalize
@@Tweakschangestateunit@Initialize
@@Tweakscreatetweakunit@Finalize
@@Tweakscreatetweakunit@Initialize
@@Tweaksdocunit@Finalize
@@Tweaksdocunit@Initialize
@@Tweaksexportunit@Finalize
@@Tweaksexportunit@Initialize
@@Tweaksmanagementunit@Finalize
@@Tweaksmanagementunit@Initialize
@@Tweaksregistryvalueeditingunit@Finalize
@@Tweaksregistryvalueeditingunit@Initialize
@@Tweaksunit@Finalize
@@Tweaksunit@Initialize
@@Undoingchangescenterunit@Finalize
@@Undoingchangescenterunit@Initialize
@@Uninstallapplicationunit@Finalize
@@Uninstallapplicationunit@Initialize
@@Unit27@Finalize
@@Unit27@Initialize
@@Unit30@Finalize
@@Unit30@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit43@Finalize
@@Unit43@Initialize
@@Visualelements@Finalize
@@Visualelements@Initialize
@TPageControlWithButton@
@TPageControlWithButton@$bctr$qqrp25System@Classes@TComponent
@TPageControlWithButton@Change$qqrv
@TPageControlWithButton@CloseTabImagesChanged$qv
@TPageControlWithButton@Dispatch$qqrpv
@TPageControlWithButton@DrawTab$qqrirx18System@Types@TRecto
@TPageControlWithButton@GetActivePageIndexNew$qqrv
@TPageControlWithButton@GetActivePageNew$qqrv
@TPageControlWithButton@GetCloseTabButtonImageIndex$q43TPageControlWithButton@TCloseTabButtonImage
@TPageControlWithButton@GetPageNew$qqri
@TPageControlWithButton@IsNeedDrawCloseButton$qv
@TPageControlWithButton@IsThemed$qv
@TPageControlWithButton@OnCloseTab$qqrpv
@TPageControlWithButton@OnLButtonDown$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnLButtonUp$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnMouseLeave$qqrr24Winapi@Messages@TMessage
@TPageControlWithButton@OnMouseMove$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnShowingChanged$qqrr24Winapi@Messages@TMessage
@TPageControlWithButton@SetActivePageIndexNew$qqrxi
@TPageControlWithButton@SetActivePageNew$qqrp19TTabSheetWithButton
@TPageControlWithButton@SetCloseTabHotImageIndex$qqri
@TPageControlWithButton@SetCloseTabImageList$qqrp23Vcl@Controls@TImageList
@TPageControlWithButton@SetCloseTabImages$qp26TPageControlCloseTabImages
@TPageControlWithButton@SetCloseTabNormalImageIndex$qqri
@TPageControlWithButton@SetCloseTabPressedImageIndex$qqri
@TPageControlWithButton@UpdateActivePage$qqrv
@TPageControlWithButton@UpdateCloseTabButtonImage$q43TPageControlWithButton@TCloseTabButtonImage
@TPageControlWithButton@UpdateCloseTabButtonImage$qii
@TPageControlWithButton@UpdateTabCaptionBlanks$qv
@TPageControlWithButton@UpdateTabCaptions$qv
@TPageControlWithButton@UpdateTabSheetCaptions$qv
@TRegistryEx@
@TRegistryEx@$bctr$qqrui
@TRegistryEx@$bctr$qqrv
@TRegistryEx@$bdtr$qqrv
@TRegistryEx@ChangeKey$qqr6HKEY64x20System@UnicodeString
@TRegistryEx@CloseKey$qqrv
@TRegistryEx@CreateKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteValue$qqrx20System@UnicodeString
@TRegistryEx@GetBaseKey$qqro
@TRegistryEx@GetData$qqrx20System@UnicodeStringpvir32System@Win@Registry@TRegDataType
@TRegistryEx@GetDataInfo$qqrx20System@UnicodeStringr32System@Win@Registry@TRegDataInfo
@TRegistryEx@GetDataSize$qqrx20System@UnicodeString
@TRegistryEx@GetDataType$qqrx20System@UnicodeString
@TRegistryEx@GetKey$qqrx20System@UnicodeString
@TRegistryEx@GetKeyInfo$qqrr31System@Win@Registry@TRegKeyInfo
@TRegistryEx@GetKeyNames$qqrp23System@Classes@TStrings
@TRegistryEx@GetValueNames$qqrp23System@Classes@TStrings
@TRegistryEx@HasSubKeys$qqrv
@TRegistryEx@IsRelative$qrx20System@UnicodeString
@TRegistryEx@KeyExists$qqrx20System@UnicodeString
@TRegistryEx@MaybeOpenKey$q20System@UnicodeStringoul
@TRegistryEx@OpenKey$qqrx20System@UnicodeStringo
@TRegistryEx@OpenKeyReadOnly$qqrx20System@UnicodeString
@TRegistryEx@PutData$qqrx20System@UnicodeStringpvi32System@Win@Registry@TRegDataType
@TRegistryEx@ReadBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@ReadBool$qqrx20System@UnicodeString
@TRegistryEx@ReadDate$qqrx20System@UnicodeString
@TRegistryEx@ReadDateTime$qqrx20System@UnicodeString
@TRegistryEx@ReadFloat$qqrx20System@UnicodeString
@TRegistryEx@ReadInteger$qqrx20System@UnicodeString
@TRegistryEx@ReadString$qqrx20System@UnicodeString
@TRegistryEx@RenameValue$qqrx20System@UnicodeStringt1
@TRegistryEx@SetCurrentKey$qqr6HKEY64
@TRegistryEx@SetRootKey$qqr6HKEY64
@TRegistryEx@ValueExists$qqrx20System@UnicodeString
@TRegistryEx@WriteBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@WriteBool$qqrx20System@UnicodeStringo
@TRegistryEx@WriteDate$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteDateTime$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteExpandString$qqrx20System@UnicodeStringt1
@TRegistryEx@WriteFloat$qqrx20System@UnicodeStringd
@TRegistryEx@WriteInteger$qqrx20System@UnicodeStringi
@TRegistryEx@WriteString$qqrx20System@UnicodeStringt1
@TTabSheetWithButton@
@TTabSheetWithButton@$bctr$qqrp25System@Classes@TComponent
@TTabSheetWithButton@GetPageControl$qqrv
@TTabSheetWithButton@GetTextNew$qqrv
@TTabSheetWithButton@IsCloseButton$xqv
@TTabSheetWithButton@SetCloseButton$qqro
@TTabSheetWithButton@SetPageControl$qqrp22TPageControlWithButton
@TTabSheetWithButton@SetTextNew$qqrx20System@UnicodeString
@TTabSheetWithButton@UpdateCaption$qv
TMethodImplementationIntercept
_AboutForm
_AddToFavoritesAndCommentsEditingForm
_ApplicationsUninstallerForm
_AutomaticRegistryCleanupForm
_AutomaticRegistryCleanupResultsForm
_BinaryValueForm
_ChangeLogNotationConventionsForm
_ChangeLogWizardForm
_ChangeLogsViewerForm
_CreateRegistrySnapshotForm
_DidYouKnowForm
_DiskCleanupFrame
_DiskCleanupGearModule
_DiskCleanupResultsForm
_EntryChangingForm
_FindAppByShortcutDataModule
_Form27
_Form3
_Form30
_Form43
_IntegerValueForm
_KeyPropertiesForm
_MainForm
_MixedFunctionsDataModule
_MultiLanguageSupportForm
_MultiStringValueForm
_NagScreenForm
_NewIgnoreListItemForm
_NewStartupItemForm
_NewVersionAvailableForm
_RegistrationForm
_RegistryFavoritesRemoveForm
_RegistryOptimizationForm
_RegistrySearchProfileForm
_RegistrySnapshotsForm
_RevertChangeLogResultForm
_SearchMatchForm
_SocialShareFrame
_SplashForm
_StartupManagerFrame
_StringEnteringForm
_StringValueForm
_SubscriptionExpiredForm
_SubscriptionReminderForm
_TweaksChangeStateForm
_TweaksCreateTweakForm
_TweaksDocDataModule
_TweaksExportForm
_TweaksForm
_TweaksManagementForm
_TweaksRegistryValueEditingForm
_UndoingChangesCenterForm
_UninstallApplicationForm
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

Size: 3.7MB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 318KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 320KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Data/RegOrganizerAgent.exe
.exe windows:4 windows x86 arch:x86

a1142cca2643d4e6a2c6db95ec34dfff

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d0:53:03:8e:4e:6b:d1:d1:d6:e7:51:22:25:c2:87:2f:1f:0e:c1:2c:38:b2:0f:fa:26:71:ec:d3:43:aa:c4:f2
Signer

Actual PE Digest

d0:53:03:8e:4e:6b:d1:d1:d6:e7:51:22:25:c2:87:2f:1f:0e:c1:2c:38:b2:0f:fa:26:71:ec:d3:43:aa:c4:f2

Digest Algorithm

sha256

PE Digest Matches

true

69:09:23:0f:32:02:13:ba:98:39:c7:af:ce:81:4f:48:49:1e:a7:ee
Signer

Actual PE Digest

69:09:23:0f:32:02:13:ba:98:39:c7:af:ce:81:4f:48:49:1e:a7:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenProcess
QueryDosDeviceW
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AppendMenuW
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcA
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageA
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconA
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

GetProcessImageFileNameW

Exports

Exports

@@Installertracingagentshared@Finalize
@@Installertracingagentshared@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 677KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 412KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/StartupCheckingHelper.exe
.exe windows:4 windows x86 arch:x86

98612cffa3482e64608a9b2e01d1a871

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e1:9a:cb:14:2f:47:dc:28:0f:8a:97:38:47:fd:11:a7:dc:29:33:c2:d8:3a:b6:ba:60:4a:86:07:6e:be:88:17
Signer

Actual PE Digest

e1:9a:cb:14:2f:47:dc:28:0f:8a:97:38:47:fd:11:a7:dc:29:33:c2:d8:3a:b6:ba:60:4a:86:07:6e:be:88:17

Digest Algorithm

sha256

PE Digest Matches

true

a5:cd:64:9e:6c:46:71:fb:c2:07:5f:88:19:c2:eb:ab:89:f1:95:fc
Signer

Actual PE Digest

a5:cd:64:9e:6c:46:71:fb:c2:07:5f:88:19:c2:eb:ab:89:f1:95:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
DeleteService
EnumServicesStatusW
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
QueryServiceConfigW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushViewOfFile
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenFileMappingW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW

netapi32

NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
GetSystemMenu

winmm

timeBeginPeriod

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

@$xp$11TRegistryEx
@@Complexfunctions@Finalize
@@Complexfunctions@Initialize
@@Debugstuff@Finalize
@@Debugstuff@Initialize
@@Log@Finalize
@@Log@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Regfuncwrapunit@Finalize
@@Regfuncwrapunit@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
@@Startupgear@Finalize
@@Startupgear@Initialize
@TRegistryEx@
@TRegistryEx@$bctr$qqrui
@TRegistryEx@$bctr$qqrv
@TRegistryEx@$bdtr$qqrv
@TRegistryEx@ChangeKey$qqr6HKEY64x20System@UnicodeString
@TRegistryEx@CloseKey$qqrv
@TRegistryEx@CreateKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteValue$qqrx20System@UnicodeString
@TRegistryEx@GetBaseKey$qqro
@TRegistryEx@GetData$qqrx20System@UnicodeStringpvir32System@Win@Registry@TRegDataType
@TRegistryEx@GetDataInfo$qqrx20System@UnicodeStringr32System@Win@Registry@TRegDataInfo
@TRegistryEx@GetDataSize$qqrx20System@UnicodeString
@TRegistryEx@GetDataType$qqrx20System@UnicodeString
@TRegistryEx@GetKey$qqrx20System@UnicodeString
@TRegistryEx@GetKeyInfo$qqrr31System@Win@Registry@TRegKeyInfo
@TRegistryEx@GetKeyNames$qqrp23System@Classes@TStrings
@TRegistryEx@GetValueNames$qqrp23System@Classes@TStrings
@TRegistryEx@HasSubKeys$qqrv
@TRegistryEx@IsRelative$qrx20System@UnicodeString
@TRegistryEx@KeyExists$qqrx20System@UnicodeString
@TRegistryEx@MaybeOpenKey$q20System@UnicodeStringoul
@TRegistryEx@OpenKey$qqrx20System@UnicodeStringo
@TRegistryEx@OpenKeyReadOnly$qqrx20System@UnicodeString
@TRegistryEx@PutData$qqrx20System@UnicodeStringpvi32System@Win@Registry@TRegDataType
@TRegistryEx@ReadBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@ReadBool$qqrx20System@UnicodeString
@TRegistryEx@ReadDate$qqrx20System@UnicodeString
@TRegistryEx@ReadDateTime$qqrx20System@UnicodeString
@TRegistryEx@ReadFloat$qqrx20System@UnicodeString
@TRegistryEx@ReadInteger$qqrx20System@UnicodeString
@TRegistryEx@ReadString$qqrx20System@UnicodeString
@TRegistryEx@RenameValue$qqrx20System@UnicodeStringt1
@TRegistryEx@SetCurrentKey$qqr6HKEY64
@TRegistryEx@SetRootKey$qqr6HKEY64
@TRegistryEx@ValueExists$qqrx20System@UnicodeString
@TRegistryEx@WriteBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@WriteBool$qqrx20System@UnicodeStringo
@TRegistryEx@WriteDate$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteDateTime$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteExpandString$qqrx20System@UnicodeStringt1
@TRegistryEx@WriteFloat$qqrx20System@UnicodeStringd
@TRegistryEx@WriteInteger$qqrx20System@UnicodeStringi
@TRegistryEx@WriteString$qqrx20System@UnicodeStringt1
TMethodImplementationIntercept
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 193KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/StartupCheckingService.exe
.exe windows:4 windows x86 arch:x86

abe26ceb2399e13eadccab292ca28891

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fb:23:67:58:b7:63:82:3d:3f:4f:ed:45:c7:07:c1:0c:72:f7:17:aa:ec:f2:9d:07:21:3e:78:f8:a8:30:86:6f
Signer

Actual PE Digest

fb:23:67:58:b7:63:82:3d:3f:4f:ed:45:c7:07:c1:0c:72:f7:17:aa:ec:f2:9d:07:21:3e:78:f8:a8:30:86:6f

Digest Algorithm

sha256

PE Digest Matches

true

1f:09:d5:cd:4a:80:05:90:20:1d:64:a1:f2:1f:61:6c:10:f8:1a:f5
Signer

Actual PE Digest

1f:09:d5:cd:4a:80:05:90:20:1d:64:a1:f2:1f:61:6c:10:f8:1a:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateProcessWithTokenW
CreateServiceW
DeleteService
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatusEx
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW

netapi32

NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
GetSystemMenu

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile

Exports

Exports

@@Log@Finalize
@@Log@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
TMethodImplementationIntercept
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 318KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/UndoingChangesCenterUnit.const
Data/WhatsNew-Russian.txt
Data/WhatsNew.txt
Data/WinRTApps.dll
.dll windows:6 windows x86 arch:x86

cac4b05c8ebbda33af7039e8c3082162

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f9:38:a5:5a:24:ac:bc:04:d7:b3:83:fa:c5:5c:a4:71:0c:e7:28:66:2d:9d:7b:c5:90:71:84:b1:37:17:c9:84
Signer

Actual PE Digest

f9:38:a5:5a:24:ac:bc:04:d7:b3:83:fa:c5:5c:a4:71:0c:e7:28:66:2d:9d:7b:c5:90:71:84:b1:37:17:c9:84

Digest Algorithm

sha256

PE Digest Matches

true

39:8c:93:3b:7d:6d:86:74:04:38:8b:b2:39:ea:0f:93:a8:a2:39:fe
Signer

Actual PE Digest

39:8c:93:3b:7d:6d:86:74:04:38:8b:b2:39:ea:0f:93:a8:a2:39:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\music\tmp\w1\FullUninstall\.Related\WinRTApps.dll\Output\WinRTApps.pdb

Imports

kernel32

GetProcAddress
GetLocaleInfoEx
ResolveLocaleName
FindFirstFileW
FindClose
FindNextFileW
RaiseException
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
HeapReAlloc
GetOEMCP
IsValidCodePage
GetACP
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
GetCommandLineA
GetCurrentThreadId
RtlUnwind
HeapAlloc
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree
CoCreateInstance

shlwapi

ord487
SHCreateStreamOnFileEx

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoInitialize

Exports

Exports

GetWinRTAppsApi

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/links.xml
.xml
Data/regkey.ini
Data/tweaks.bkp.xml
.xml
Data/updaterdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

@@Updatershared@Finalize
@@Updatershared@Initialize
DownlodFileFromTheInternet
___CPPdebugHook

Sections

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Documentation/English/Documentation.chm
.chm
Documentation/Russian/Documentation.chm
.chm
HardwareConstant.dll
.dll windows:5 windows x86 arch:x86

abcf51cc9ff3a4143d084b02d70ceb69

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

32:8a:11:fc:58:09:6a:a6:32:ee:4d:a8:02:27:ed:b4:bd:34:94:16:5c:af:65:95:64:1b:0c:b3:a0:d7:f1:5e
Signer

Actual PE Digest

32:8a:11:fc:58:09:6a:a6:32:ee:4d:a8:02:27:ed:b4:bd:34:94:16:5c:af:65:95:64:1b:0c:b3:a0:d7:f1:5e

Digest Algorithm

sha256

PE Digest Matches

true

5d:90:5d:59:e8:93:6e:7b:b6:41:fc:d5:8c:11:06:8b:35:c1:38:fe
Signer

Actual PE Digest

5d:90:5d:59:e8:93:6e:7b:b6:41:fc:d5:8c:11:06:8b:35:c1:38:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\work\HardwareID\Release\HardwareConstant.pdb

Imports

kernel32

DeviceIoControl
GetVolumePathNameW
MultiByteToWideChar
GetLastError
CloseHandle
CreateFileW
WriteConsoleW
FormatMessageW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapReAlloc
SetStdHandle

user32

wsprintfW

advapi32

CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash

shell32

SHGetSpecialFolderPathW

Exports

Exports

GetHardwareConstant
GetHardwareInfo
HardwareConstantUnitTest

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HelperFor64Bits.exe
.exe windows:5 windows x64 arch:x64

4201638a3137bdf5091beba1ceceec76

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:4f:fc:65:79:97:59:56:f0:a5:11:c2:b8:9a:ce:5c:82:79:93:6c:23:53:84:b9:3e:a5:b3:cf:76:a4:d6:02
Signer

Actual PE Digest

71:4f:fc:65:79:97:59:56:f0:a5:11:c2:b8:9a:ce:5c:82:79:93:6c:23:53:84:b9:3e:a5:b3:cf:76:a4:d6:02

Digest Algorithm

sha256

PE Digest Matches

true

c7:72:e9:0b:60:17:89:88:94:2d:96:be:1f:82:a0:45:77:10:24:fc
Signer

Actual PE Digest

c7:72:e9:0b:60:17:89:88:94:2d:96:be:1f:82:a0:45:77:10:24:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetTokenInformation
GetUserNameW
IsValidSecurityDescriptor
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
SetNamedSecurityInfoW

kernel32

AddVectoredExceptionHandler
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FlushViewOfFile
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW
RtlRestoreContext
RtlUnwindEx

netapi32

NetApiBufferFree
NetUserGetInfo
NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
GetDefaultPrinterW
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AddFontMemResourceEx
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

CommandLineToArgvW
ExtractAssociatedIconW
ExtractIconW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
ExitWindowsEx
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringA
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
mouse_event
GetClassLongPtrW
GetWindowLongPtrW
SetClassLongPtrW
SetWindowLongPtrW
wsprintfA

winmm

timeBeginPeriod

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetActiveObject
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetQueryOptionW

shlwapi

StrCmpLogicalW

Exports

Exports

_ZTR20TCloseProgramWaiting
_ZTRN11debug_stuff8internal12TIdleHandlerE
_ZTRN15RegistryTracing10TRegNotify5TImplE
_ZTRN15RegistryTracing17TRegSnapShotAsync5TImplE
_ZTRN15RegistryTracing20TProgressObservation5TImplE
_ZTRN15RegistryTracing22TSeparateThreadCapture5TImplE
__CPPdebugHook

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 298KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IgnoreDiskCleaner.bkp.xml
IgnoreRegCleaner.bkp.xml
InstallerTracingAgent.dll
.dll windows:4 windows x86 arch:x86

a0eb8587af0f242e7f235f5d2a73f1e5

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:c2:44:64:ff:c5:93:59:a5:1c:99:9b:84:34:fd:83:0b:6f:1e:86:43:85:ee:b7:4f:f7:1d:01:a6:b1:a6:c6
Signer

Actual PE Digest

1d:c2:44:64:ff:c5:93:59:a5:1c:99:9b:84:34:fd:83:0b:6f:1e:86:43:85:ee:b7:4f:f7:1d:01:a6:b1:a6:c6

Digest Algorithm

sha256

PE Digest Matches

true

aa:c0:f6:ab:a4:ee:2d:62:91:6c:32:df:9b:e3:20:c2:e0:25:80:6a
Signer

Actual PE Digest

aa:c0:f6:ab:a4:ee:2d:62:91:6c:32:df:9b:e3:20:c2:e0:25:80:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenMutexW
OpenProcess
QueryDosDeviceW
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW
ShellExecuteW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

GetProcessImageFileNameW

Exports

Exports

@@Installertracingagentshared@Finalize
@@Installertracingagentshared@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
DisableInstallerTracingAgent
EnableInstallerTracingAgentEx
FreeAgentSettingsStructure
GetInstallerTracingAgentSettings
IsInstallerTracingAgentEnabled
IsInstallerTracingAgentWorking
LoadInstallerTracingAgent
SetInstallerTracingAgentSettings
UnloadInstallerTracingAgent
___CPPdebugHook

Sections

.text
Size: 646KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Languages/French-7.16.sib
Languages/Korean-7.16.sib.sib
Languages/Portuguese(pt-BR)-7.16.sib
Languages/Portuguese(pt-PT)-7.16.sib
Languages/Ukrainian.sib
Languages/russian.sib
OptimizationAnimation.avi
ProgramDataStorage.const
QuickRegEditorLaunch.dll
.dll windows:4 windows x86 arch:x86

7405a696a67b74e0c3f208639b333285

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a0:90:c3:6b:ae:46:3f:30:0f:04:6a:55:3e:cb:7b:76:12:20:06:0e:b0:25:94:c6:d8:05:3a:71:a5:75:cf:e0
Signer

Actual PE Digest

a0:90:c3:6b:ae:46:3f:30:0f:04:6a:55:3e:cb:7b:76:12:20:06:0e:b0:25:94:c6:d8:05:3a:71:a5:75:cf:e0

Digest Algorithm

sha256

PE Digest Matches

true

2d:38:d5:c1:db:1a:53:3d:eb:6f:4b:76:31:21:59:96:c3:aa:0f:78
Signer

Actual PE Digest

2d:38:d5:c1:db:1a:53:3d:eb:6f:4b:76:31:21:59:96:c3:aa:0f:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

shlwapi

PathCanonicalizeW

Exports

Exports

@@Maindllunit@Finalize
@@Maindllunit@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
DisableRegEditorQuickLaunch
EnableRegEditorQuickLaunchEx
GetRegEditorQuickLaunchInfo
___CPPdebugHook

Sections

.text
Size: 540KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme-Russian.txt
Readme.txt
Reg64Call.exe
.exe windows:6 windows x64 arch:x64

55413c38d437f9a627fb69cf8e51fda8

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0f:b8:ca:69:18:d4:27:16:02:77:fc:54:6a:82:3a:11:61:9b:4c:01:aa:c8:6c:46:11:db:bf:e5:cb:d1:e3:9e
Signer

Actual PE Digest

0f:b8:ca:69:18:d4:27:16:02:77:fc:54:6a:82:3a:11:61:9b:4c:01:aa:c8:6c:46:11:db:bf:e5:cb:d1:e3:9e

Digest Algorithm

sha256

PE Digest Matches

true

7d:ad:30:87:4d:e3:59:d5:4e:6f:18:db:44:b8:7a:1a:00:f0:20:6c
Signer

Actual PE Digest

7d:ad:30:87:4d:e3:59:d5:4e:6f:18:db:44:b8:7a:1a:00:f0:20:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

\\VBOXSVR\music\tmp\w1\RegistryProjects\WorkWithRegFiles\Reg64Call\x64\Release\Reg64Call.pdb

Imports

kernel32

GetCurrentThread
LoadLibraryW
FreeLibrary
GetProcAddress
GetCommandLineW
SwitchToThread
GetCurrentProcessId
GetLastError
GetModuleFileNameW
GetExitCodeProcess
Sleep
OpenProcess
GetTickCount
GetCurrentProcess
CloseHandle
OpenFileMappingW
CreateFileMappingW
CreateFileW
FlushViewOfFile
VirtualQuery
UnmapViewOfFile
SetThreadPriority
MapViewOfFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
LoadLibraryExW
GetConsoleCP
GetConsoleMode

advapi32

RegCloseKey
AdjustTokenPrivileges
RegEnumKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumValueW
RegSaveKeyExW
RegDeleteValueW
LookupPrivilegeValueW
RegSaveKeyW
RegDeleteKeyW
RegReplaceKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryMultipleValuesW
RegRestoreKeyW
OpenProcessToken
RegSetValueExW

shell32

CommandLineToArgvW

winmm

timeBeginPeriod

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RegKeysV3to5.dll
.dll windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:db:46:91:48:61:d7:2d:72:e0:f7:09:36:0c:bd:ed:01:9b:01:4d:d6:0e:e4:15:b4:c8:91:e1:66:ea:7b:50
Signer

Actual PE Digest

4a:db:46:91:48:61:d7:2d:72:e0:f7:09:36:0c:bd:ed:01:9b:01:4d:d6:0e:e4:15:b4:c8:91:e1:66:ea:7b:50

Digest Algorithm

sha256

PE Digest Matches

true

3f:85:95:82:ad:4c:b2:16:14:58:22:c8:90:83:b3:51:17:b3:b7:49
Signer

Actual PE Digest

3f:85:95:82:ad:4c:b2:16:14:58:22:c8:90:83:b3:51:17:b3:b7:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@@Maindllunit@Finalize
@@Maindllunit@Initialize
GetRegKeysForV3to5Info
___CPPdebugHook

Sections

Size: 206KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RegOrganizer.exe
.exe windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:2d:0c:fa:8c:2d:7c:ed:70:b3:79:a3:7e:e9:82:25:b4:c1:5d:6a:5b:5b:2b:33:ef:88:b8:e6:8d:6e:86:79
Signer

Actual PE Digest

49:2d:0c:fa:8c:2d:7c:ed:70:b3:79:a3:7e:e9:82:25:b4:c1:5d:6a:5b:5b:2b:33:ef:88:b8:e6:8d:6e:86:79

Digest Algorithm

sha256

PE Digest Matches

true

ba:3c:ce:4b:11:3f:9e:41:44:0c:bb:46:1e:5f:b1:ec:9e:29:a4:c4
Signer

Actual PE Digest

ba:3c:ce:4b:11:3f:9e:41:44:0c:bb:46:1e:5f:b1:ec:9e:29:a4:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$11TRegistryEx
@$xp$19TTabSheetWithButton
@$xp$22TPageControlWithButton
@@Aboutunit@Finalize
@@Aboutunit@Initialize
@@Addtofavoritesandcommentseditingunit@Finalize
@@Addtofavoritesandcommentseditingunit@Initialize
@@Applicationsuninstallergear@Finalize
@@Applicationsuninstallergear@Initialize
@@Applicationsuninstallerunit@Finalize
@@Applicationsuninstallerunit@Initialize
@@Apptracesfinder@Finalize
@@Apptracesfinder@Initialize
@@Automaticregistrycleanupresultsunit@Finalize
@@Automaticregistrycleanupresultsunit@Initialize
@@Automaticregistrycleanupunit@Finalize
@@Automaticregistrycleanupunit@Initialize
@@Bifactorialprogress@Finalize
@@Bifactorialprogress@Initialize
@@Binaryvalueunit@Finalize
@@Binaryvalueunit@Initialize
@@Browserscleanup@Finalize
@@Browserscleanup@Initialize
@@Buylinksunit@Finalize
@@Buylinksunit@Initialize
@@Changelognotationconventionsunit@Finalize
@@Changelognotationconventionsunit@Initialize
@@Changelogsviewerunit@Finalize
@@Changelogsviewerunit@Initialize
@@Changelogwizardunit@Finalize
@@Changelogwizardunit@Initialize
@@Checkforupdate@Finalize
@@Checkforupdate@Initialize
@@Comboboxwithimage@Finalize
@@Comboboxwithimage@Initialize
@@Complexfunctions@Finalize
@@Complexfunctions@Initialize
@@Crccalculation@Finalize
@@Crccalculation@Initialize
@@Createregistrysnapshotunit@Finalize
@@Createregistrysnapshotunit@Initialize
@@Debugstuff@Finalize
@@Debugstuff@Initialize
@@Didyouknowunit@Finalize
@@Didyouknowunit@Initialize
@@Digitalsignature@Finalize
@@Digitalsignature@Initialize
@@Diskcleanupframeunit@Finalize
@@Diskcleanupframeunit@Initialize
@@Diskcleanupgear@Finalize
@@Diskcleanupgear@Initialize
@@Diskcleanupresultsunit@Finalize
@@Diskcleanupresultsunit@Initialize
@@Draganddroparea@Finalize
@@Draganddroparea@Initialize
@@Entrychangingunit@Finalize
@@Entrychangingunit@Initialize
@@Findappbyshortcutunit@Finalize
@@Findappbyshortcutunit@Initialize
@@Gdishared@Finalize
@@Gdishared@Initialize
@@Getdocumentfromurlunit@Finalize
@@Getdocumentfromurlunit@Initialize
@@Getinstalledprogramversionsnew@Finalize
@@Getinstalledprogramversionsnew@Initialize
@@Helperfor64bits@Finalize
@@Helperfor64bits@Initialize
@@Highlighting@Finalize
@@Highlighting@Initialize
@@Ignorelistsfilemasks@Finalize
@@Ignorelistsfilemasks@Initialize
@@Integervalueunit@Finalize
@@Integervalueunit@Initialize
@@Isfilecannotberemovedunit@Finalize
@@Isfilecannotberemovedunit@Initialize
@@Keypropertiesunit@Finalize
@@Keypropertiesunit@Initialize
@@Keysecuritysuspendunit@Finalize
@@Keysecuritysuspendunit@Initialize
@@Mainunit@Finalize
@@Mainunit@Initialize
@@Mixedfunctions@Finalize
@@Mixedfunctions@Initialize
@@Multilanguagesupport@Finalize
@@Multilanguagesupport@Initialize
@@Multistringvalueunit@Finalize
@@Multistringvalueunit@Initialize
@@Nagscreenunit@Finalize
@@Nagscreenunit@Initialize
@@Newignorelistitemunit@Finalize
@@Newignorelistitemunit@Initialize
@@Newstartupitemunit@Finalize
@@Newstartupitemunit@Initialize
@@Newversionavailableunit@Finalize
@@Newversionavailableunit@Initialize
@@Pagecontrolwithbutton@Finalize
@@Pagecontrolwithbutton@Initialize
@@Parseandauxregistryunit@Finalize
@@Parseandauxregistryunit@Initialize
@@Portableversion@Finalize
@@Portableversion@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Recyclebinutils@Finalize
@@Recyclebinutils@Initialize
@@Regfuncwrapunit@Finalize
@@Regfuncwrapunit@Initialize
@@Registrationunit@Finalize
@@Registrationunit@Initialize
@@Registrycleanup@Finalize
@@Registrycleanup@Initialize
@@Registryfavorites@Finalize
@@Registryfavorites@Initialize
@@Registryfavoritesremoveunit@Finalize
@@Registryfavoritesremoveunit@Initialize
@@Registryfileunit@Finalize
@@Registryfileunit@Initialize
@@Registryoptimizationfunctions@Finalize
@@Registryoptimizationfunctions@Initialize
@@Registryoptimizationunit@Finalize
@@Registryoptimizationunit@Initialize
@@Registrysearchprofileunit@Finalize
@@Registrysearchprofileunit@Initialize
@@Registrysnapshotsunit@Finalize
@@Registrysnapshotsunit@Initialize
@@Removefilesfailsafeunit@Finalize
@@Removefilesfailsafeunit@Initialize
@@Retrievenewfilemenu@Finalize
@@Retrievenewfilemenu@Initialize
@@Retrieveopenwithmenu@Finalize
@@Retrieveopenwithmenu@Initialize
@@Revertchangelogresultunit@Finalize
@@Revertchangelogresultunit@Initialize
@@Searchmatchunit@Finalize
@@Searchmatchunit@Initialize
@@Setprivilegies@Finalize
@@Setprivilegies@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
@@Socialshareframeunit@Finalize
@@Socialshareframeunit@Initialize
@@Splashunit@Finalize
@@Splashunit@Initialize
@@Startupgear@Finalize
@@Startupgear@Initialize
@@Startupmanagerframeunit@Finalize
@@Startupmanagerframeunit@Initialize
@@Startupstatistics@Finalize
@@Startupstatistics@Initialize
@@Stringenteringunit@Finalize
@@Stringenteringunit@Initialize
@@Stringvalueunit@Finalize
@@Stringvalueunit@Initialize
@@Subscriptionexpiredunit@Finalize
@@Subscriptionexpiredunit@Initialize
@@Subscriptionreminderunit@Finalize
@@Subscriptionreminderunit@Initialize
@@Tagedatabaseunit@Finalize
@@Tagedatabaseunit@Initialize
@@Tweakschangestateunit@Finalize
@@Tweakschangestateunit@Initialize
@@Tweakscreatetweakunit@Finalize
@@Tweakscreatetweakunit@Initialize
@@Tweaksdocunit@Finalize
@@Tweaksdocunit@Initialize
@@Tweaksexportunit@Finalize
@@Tweaksexportunit@Initialize
@@Tweaksmanagementunit@Finalize
@@Tweaksmanagementunit@Initialize
@@Tweaksregistryvalueeditingunit@Finalize
@@Tweaksregistryvalueeditingunit@Initialize
@@Tweaksunit@Finalize
@@Tweaksunit@Initialize
@@Undoingchangescenterunit@Finalize
@@Undoingchangescenterunit@Initialize
@@Uninstallapplicationunit@Finalize
@@Uninstallapplicationunit@Initialize
@@Unit27@Finalize
@@Unit27@Initialize
@@Unit30@Finalize
@@Unit30@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit43@Finalize
@@Unit43@Initialize
@@Visualelements@Finalize
@@Visualelements@Initialize
@TPageControlWithButton@
@TPageControlWithButton@$bctr$qqrp25System@Classes@TComponent
@TPageControlWithButton@Change$qqrv
@TPageControlWithButton@CloseTabImagesChanged$qv
@TPageControlWithButton@Dispatch$qqrpv
@TPageControlWithButton@DrawTab$qqrirx18System@Types@TRecto
@TPageControlWithButton@GetActivePageIndexNew$qqrv
@TPageControlWithButton@GetActivePageNew$qqrv
@TPageControlWithButton@GetCloseTabButtonImageIndex$q43TPageControlWithButton@TCloseTabButtonImage
@TPageControlWithButton@GetPageNew$qqri
@TPageControlWithButton@IsNeedDrawCloseButton$qv
@TPageControlWithButton@IsThemed$qv
@TPageControlWithButton@OnCloseTab$qqrpv
@TPageControlWithButton@OnLButtonDown$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnLButtonUp$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnMouseLeave$qqrr24Winapi@Messages@TMessage
@TPageControlWithButton@OnMouseMove$qqrr24Winapi@Messages@TWMMouse
@TPageControlWithButton@OnShowingChanged$qqrr24Winapi@Messages@TMessage
@TPageControlWithButton@SetActivePageIndexNew$qqrxi
@TPageControlWithButton@SetActivePageNew$qqrp19TTabSheetWithButton
@TPageControlWithButton@SetCloseTabHotImageIndex$qqri
@TPageControlWithButton@SetCloseTabImageList$qqrp23Vcl@Controls@TImageList
@TPageControlWithButton@SetCloseTabImages$qp26TPageControlCloseTabImages
@TPageControlWithButton@SetCloseTabNormalImageIndex$qqri
@TPageControlWithButton@SetCloseTabPressedImageIndex$qqri
@TPageControlWithButton@UpdateActivePage$qqrv
@TPageControlWithButton@UpdateCloseTabButtonImage$q43TPageControlWithButton@TCloseTabButtonImage
@TPageControlWithButton@UpdateCloseTabButtonImage$qii
@TPageControlWithButton@UpdateTabCaptionBlanks$qv
@TPageControlWithButton@UpdateTabCaptions$qv
@TPageControlWithButton@UpdateTabSheetCaptions$qv
@TRegistryEx@
@TRegistryEx@$bctr$qqrui
@TRegistryEx@$bctr$qqrv
@TRegistryEx@$bdtr$qqrv
@TRegistryEx@ChangeKey$qqr6HKEY64x20System@UnicodeString
@TRegistryEx@CloseKey$qqrv
@TRegistryEx@CreateKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteValue$qqrx20System@UnicodeString
@TRegistryEx@GetBaseKey$qqro
@TRegistryEx@GetData$qqrx20System@UnicodeStringpvir32System@Win@Registry@TRegDataType
@TRegistryEx@GetDataInfo$qqrx20System@UnicodeStringr32System@Win@Registry@TRegDataInfo
@TRegistryEx@GetDataSize$qqrx20System@UnicodeString
@TRegistryEx@GetDataType$qqrx20System@UnicodeString
@TRegistryEx@GetKey$qqrx20System@UnicodeString
@TRegistryEx@GetKeyInfo$qqrr31System@Win@Registry@TRegKeyInfo
@TRegistryEx@GetKeyNames$qqrp23System@Classes@TStrings
@TRegistryEx@GetValueNames$qqrp23System@Classes@TStrings
@TRegistryEx@HasSubKeys$qqrv
@TRegistryEx@IsRelative$qrx20System@UnicodeString
@TRegistryEx@KeyExists$qqrx20System@UnicodeString
@TRegistryEx@MaybeOpenKey$q20System@UnicodeStringoul
@TRegistryEx@OpenKey$qqrx20System@UnicodeStringo
@TRegistryEx@OpenKeyReadOnly$qqrx20System@UnicodeString
@TRegistryEx@PutData$qqrx20System@UnicodeStringpvi32System@Win@Registry@TRegDataType
@TRegistryEx@ReadBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@ReadBool$qqrx20System@UnicodeString
@TRegistryEx@ReadDate$qqrx20System@UnicodeString
@TRegistryEx@ReadDateTime$qqrx20System@UnicodeString
@TRegistryEx@ReadFloat$qqrx20System@UnicodeString
@TRegistryEx@ReadInteger$qqrx20System@UnicodeString
@TRegistryEx@ReadString$qqrx20System@UnicodeString
@TRegistryEx@RenameValue$qqrx20System@UnicodeStringt1
@TRegistryEx@SetCurrentKey$qqr6HKEY64
@TRegistryEx@SetRootKey$qqr6HKEY64
@TRegistryEx@ValueExists$qqrx20System@UnicodeString
@TRegistryEx@WriteBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@WriteBool$qqrx20System@UnicodeStringo
@TRegistryEx@WriteDate$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteDateTime$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteExpandString$qqrx20System@UnicodeStringt1
@TRegistryEx@WriteFloat$qqrx20System@UnicodeStringd
@TRegistryEx@WriteInteger$qqrx20System@UnicodeStringi
@TRegistryEx@WriteString$qqrx20System@UnicodeStringt1
@TTabSheetWithButton@
@TTabSheetWithButton@$bctr$qqrp25System@Classes@TComponent
@TTabSheetWithButton@GetPageControl$qqrv
@TTabSheetWithButton@GetTextNew$qqrv
@TTabSheetWithButton@IsCloseButton$xqv
@TTabSheetWithButton@SetCloseButton$qqro
@TTabSheetWithButton@SetPageControl$qqrp22TPageControlWithButton
@TTabSheetWithButton@SetTextNew$qqrx20System@UnicodeString
@TTabSheetWithButton@UpdateCaption$qv
TMethodImplementationIntercept
_AboutForm
_AddToFavoritesAndCommentsEditingForm
_ApplicationsUninstallerForm
_AutomaticRegistryCleanupForm
_AutomaticRegistryCleanupResultsForm
_BinaryValueForm
_ChangeLogNotationConventionsForm
_ChangeLogWizardForm
_ChangeLogsViewerForm
_CreateRegistrySnapshotForm
_DidYouKnowForm
_DiskCleanupFrame
_DiskCleanupGearModule
_DiskCleanupResultsForm
_EntryChangingForm
_FindAppByShortcutDataModule
_Form27
_Form3
_Form30
_Form43
_IntegerValueForm
_KeyPropertiesForm
_MainForm
_MixedFunctionsDataModule
_MultiLanguageSupportForm
_MultiStringValueForm
_NagScreenForm
_NewIgnoreListItemForm
_NewStartupItemForm
_NewVersionAvailableForm
_RegistrationForm
_RegistryFavoritesRemoveForm
_RegistryOptimizationForm
_RegistrySearchProfileForm
_RegistrySnapshotsForm
_RevertChangeLogResultForm
_SearchMatchForm
_SocialShareFrame
_SplashForm
_StartupManagerFrame
_StringEnteringForm
_StringValueForm
_SubscriptionExpiredForm
_SubscriptionReminderForm
_TweaksChangeStateForm
_TweaksCreateTweakForm
_TweaksDocDataModule
_TweaksExportForm
_TweaksForm
_TweaksManagementForm
_TweaksRegistryValueEditingForm
_UndoingChangesCenterForm
_UninstallApplicationForm
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

Size: 3.7MB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 318KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 320KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RegOrganizerAgent.exe
.exe windows:4 windows x86 arch:x86

a1142cca2643d4e6a2c6db95ec34dfff

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d0:53:03:8e:4e:6b:d1:d1:d6:e7:51:22:25:c2:87:2f:1f:0e:c1:2c:38:b2:0f:fa:26:71:ec:d3:43:aa:c4:f2
Signer

Actual PE Digest

d0:53:03:8e:4e:6b:d1:d1:d6:e7:51:22:25:c2:87:2f:1f:0e:c1:2c:38:b2:0f:fa:26:71:ec:d3:43:aa:c4:f2

Digest Algorithm

sha256

PE Digest Matches

true

69:09:23:0f:32:02:13:ba:98:39:c7:af:ce:81:4f:48:49:1e:a7:ee
Signer

Actual PE Digest

69:09:23:0f:32:02:13:ba:98:39:c7:af:ce:81:4f:48:49:1e:a7:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MulDiv
MultiByteToWideChar
OpenProcess
QueryDosDeviceW
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent

gdi32

BitBlt
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
ExcludeClipRect
FrameRgn
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

msimg32

AlphaBlend

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AppendMenuW
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcA
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageA
GetMessagePos
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconA
LoadIconW
LoadKeyboardLayoutW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

GetProcessImageFileNameW

Exports

Exports

@@Installertracingagentshared@Finalize
@@Installertracingagentshared@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 677KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 412KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StartupCheckingHelper.exe
.exe windows:4 windows x86 arch:x86

98612cffa3482e64608a9b2e01d1a871

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e1:9a:cb:14:2f:47:dc:28:0f:8a:97:38:47:fd:11:a7:dc:29:33:c2:d8:3a:b6:ba:60:4a:86:07:6e:be:88:17
Signer

Actual PE Digest

e1:9a:cb:14:2f:47:dc:28:0f:8a:97:38:47:fd:11:a7:dc:29:33:c2:d8:3a:b6:ba:60:4a:86:07:6e:be:88:17

Digest Algorithm

sha256

PE Digest Matches

true

a5:cd:64:9e:6c:46:71:fb:c2:07:5f:88:19:c2:eb:ab:89:f1:95:fc
Signer

Actual PE Digest

a5:cd:64:9e:6c:46:71:fb:c2:07:5f:88:19:c2:eb:ab:89:f1:95:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
DeleteService
EnumServicesStatusW
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
QueryServiceConfigW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushViewOfFile
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenFileMappingW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW

netapi32

NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
GetSystemMenu

winmm

timeBeginPeriod

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

@$xp$11TRegistryEx
@@Complexfunctions@Finalize
@@Complexfunctions@Initialize
@@Debugstuff@Finalize
@@Debugstuff@Initialize
@@Log@Finalize
@@Log@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Regfuncwrapunit@Finalize
@@Regfuncwrapunit@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
@@Startupgear@Finalize
@@Startupgear@Initialize
@TRegistryEx@
@TRegistryEx@$bctr$qqrui
@TRegistryEx@$bctr$qqrv
@TRegistryEx@$bdtr$qqrv
@TRegistryEx@ChangeKey$qqr6HKEY64x20System@UnicodeString
@TRegistryEx@CloseKey$qqrv
@TRegistryEx@CreateKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteKey$qqrx20System@UnicodeString
@TRegistryEx@DeleteValue$qqrx20System@UnicodeString
@TRegistryEx@GetBaseKey$qqro
@TRegistryEx@GetData$qqrx20System@UnicodeStringpvir32System@Win@Registry@TRegDataType
@TRegistryEx@GetDataInfo$qqrx20System@UnicodeStringr32System@Win@Registry@TRegDataInfo
@TRegistryEx@GetDataSize$qqrx20System@UnicodeString
@TRegistryEx@GetDataType$qqrx20System@UnicodeString
@TRegistryEx@GetKey$qqrx20System@UnicodeString
@TRegistryEx@GetKeyInfo$qqrr31System@Win@Registry@TRegKeyInfo
@TRegistryEx@GetKeyNames$qqrp23System@Classes@TStrings
@TRegistryEx@GetValueNames$qqrp23System@Classes@TStrings
@TRegistryEx@HasSubKeys$qqrv
@TRegistryEx@IsRelative$qrx20System@UnicodeString
@TRegistryEx@KeyExists$qqrx20System@UnicodeString
@TRegistryEx@MaybeOpenKey$q20System@UnicodeStringoul
@TRegistryEx@OpenKey$qqrx20System@UnicodeStringo
@TRegistryEx@OpenKeyReadOnly$qqrx20System@UnicodeString
@TRegistryEx@PutData$qqrx20System@UnicodeStringpvi32System@Win@Registry@TRegDataType
@TRegistryEx@ReadBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@ReadBool$qqrx20System@UnicodeString
@TRegistryEx@ReadDate$qqrx20System@UnicodeString
@TRegistryEx@ReadDateTime$qqrx20System@UnicodeString
@TRegistryEx@ReadFloat$qqrx20System@UnicodeString
@TRegistryEx@ReadInteger$qqrx20System@UnicodeString
@TRegistryEx@ReadString$qqrx20System@UnicodeString
@TRegistryEx@RenameValue$qqrx20System@UnicodeStringt1
@TRegistryEx@SetCurrentKey$qqr6HKEY64
@TRegistryEx@SetRootKey$qqr6HKEY64
@TRegistryEx@ValueExists$qqrx20System@UnicodeString
@TRegistryEx@WriteBinaryData$qqrx20System@UnicodeStringpvi
@TRegistryEx@WriteBool$qqrx20System@UnicodeStringo
@TRegistryEx@WriteDate$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteDateTime$qqrx20System@UnicodeString16System@TDateTime
@TRegistryEx@WriteExpandString$qqrx20System@UnicodeStringt1
@TRegistryEx@WriteFloat$qqrx20System@UnicodeStringd
@TRegistryEx@WriteInteger$qqrx20System@UnicodeStringi
@TRegistryEx@WriteString$qqrx20System@UnicodeStringt1
TMethodImplementationIntercept
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 193KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StartupCheckingService.exe
.exe windows:4 windows x86 arch:x86

abe26ceb2399e13eadccab292ca28891

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fb:23:67:58:b7:63:82:3d:3f:4f:ed:45:c7:07:c1:0c:72:f7:17:aa:ec:f2:9d:07:21:3e:78:f8:a8:30:86:6f
Signer

Actual PE Digest

fb:23:67:58:b7:63:82:3d:3f:4f:ed:45:c7:07:c1:0c:72:f7:17:aa:ec:f2:9d:07:21:3e:78:f8:a8:30:86:6f

Digest Algorithm

sha256

PE Digest Matches

true

1f:09:d5:cd:4a:80:05:90:20:1d:64:a1:f2:1f:61:6c:10:f8:1a:f5
Signer

Actual PE Digest

1f:09:d5:cd:4a:80:05:90:20:1d:64:a1:f2:1f:61:6c:10:f8:1a:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateProcessWithTokenW
CreateServiceW
DeleteService
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatusEx
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW

netapi32

NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wsprintfA
GetSystemMenu

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile

Exports

Exports

@@Log@Finalize
@@Log@Initialize
@@Programdatastorage@Finalize
@@Programdatastorage@Initialize
@@Simplefunctions@Finalize
@@Simplefunctions@Initialize
TMethodImplementationIntercept
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 318KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UndoingChangesCenterUnit.const
WhatsNew-Russian.txt
WhatsNew.txt
WinRTApps.dll
.dll windows:6 windows x86 arch:x86

cac4b05c8ebbda33af7039e8c3082162

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f9:38:a5:5a:24:ac:bc:04:d7:b3:83:fa:c5:5c:a4:71:0c:e7:28:66:2d:9d:7b:c5:90:71:84:b1:37:17:c9:84
Signer

Actual PE Digest

f9:38:a5:5a:24:ac:bc:04:d7:b3:83:fa:c5:5c:a4:71:0c:e7:28:66:2d:9d:7b:c5:90:71:84:b1:37:17:c9:84

Digest Algorithm

sha256

PE Digest Matches

true

39:8c:93:3b:7d:6d:86:74:04:38:8b:b2:39:ea:0f:93:a8:a2:39:fe
Signer

Actual PE Digest

39:8c:93:3b:7d:6d:86:74:04:38:8b:b2:39:ea:0f:93:a8:a2:39:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\music\tmp\w1\FullUninstall\.Related\WinRTApps.dll\Output\WinRTApps.pdb

Imports

kernel32

GetProcAddress
GetLocaleInfoEx
ResolveLocaleName
FindFirstFileW
FindClose
FindNextFileW
RaiseException
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
HeapReAlloc
GetOEMCP
IsValidCodePage
GetACP
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
GetCommandLineA
GetCurrentThreadId
RtlUnwind
HeapAlloc
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree
CoCreateInstance

shlwapi

ord487
SHCreateStreamOnFileEx

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoInitialize

Exports

Exports

GetWinRTAppsApi

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
links.xml
.xml
regkey.ini
tweaks.bkp.xml
.xml
updaterdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

@@Updatershared@Finalize
@@Updatershared@Initialize
DownlodFileFromTheInternet
___CPPdebugHook

Sections

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Reg.Organizer.7.52key/Settings.reg
Reg.Organizer.7.52key/   !.txt
Reg.Organizer.7.52key/ᯠ portable.cmd
Reg.Organizer.7.52key/ ⠭.cmd

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 948KB

.rsrc Size: 358KB - Virtual size: 357KB

.reloc Size: 4KB - Virtual size: 3KB

752c0bf2e02537842b0a8b5a66c7851c

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

33:aa:1a:38:88:22:12:a7:3c:2d:de:09:04:4e:48:24:b3:b7:89:bb:a2:27:d2:ca:28:4f:29:ba:c0:54:d0:c7Signer

73:ff:44:1d:67:f1:7d:8b:49:78:2c:e2:80:28:de:81:1b:b0:51:e8Signer

Headers

File Characteristics

Imports

advapi32

kernel32

version

comctl32

gdi32

msimg32

user32

ole32

oleaut32

psapi

Exports

Exports

Sections

.text Size: 508KB - Virtual size: 508KB

.data Size: 29KB - Virtual size: 68KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 56KB

.reloc Size: 33KB - Virtual size: 36KB

abcf51cc9ff3a4143d084b02d70ceb69

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 948KB

.rsrc
Size: 358KB - Virtual size: 357KB

.reloc
Size: 4KB - Virtual size: 3KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

33:aa:1a:38:88:22:12:a7:3c:2d:de:09:04:4e:48:24:b3:b7:89:bb:a2:27:d2:ca:28:4f:29:ba:c0:54:d0:c7
Signer

73:ff:44:1d:67:f1:7d:8b:49:78:2c:e2:80:28:de:81:1b:b0:51:e8
Signer

.text
Size: 508KB - Virtual size: 508KB

.data
Size: 29KB - Virtual size: 68KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 56KB

.reloc
Size: 33KB - Virtual size: 36KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

32:8a:11:fc:58:09:6a:a6:32:ee:4d:a8:02:27:ed:b4:bd:34:94:16:5c:af:65:95:64:1b:0c:b3:a0:d7:f1:5e
Signer

5d:90:5d:59:e8:93:6e:7b:b6:41:fc:d5:8c:11:06:8b:35:c1:38:fe
Signer

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 12KB - Virtual size: 11KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

71:4f:fc:65:79:97:59:56:f0:a5:11:c2:b8:9a:ce:5c:82:79:93:6c:23:53:84:b9:3e:a5:b3:cf:76:a4:d6:02
Signer

c7:72:e9:0b:60:17:89:88:94:2d:96:be:1f:82:a0:45:77:10:24:fc
Signer