Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Overview
overview
7Static
static
37aa3d4c90d...59.exe
windows7-x64
77aa3d4c90d...59.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ty.dll
windows7-x64
3$PLUGINSDI...ty.dll
windows10-2004-x64
3$SYSDIR/Cr...86.dll
windows7-x64
3$SYSDIR/Cr...86.dll
windows10-2004-x64
3$SYSDIR/np...86.dll
windows7-x64
3$SYSDIR/np...86.dll
windows10-2004-x64
3$WINDIR/Sy...64.dll
windows7-x64
7$WINDIR/Sy...64.dll
windows10-2004-x64
7CertEnroll...86.exe
windows7-x64
3CertEnroll...86.exe
windows10-2004-x64
3uninst.exe
windows7-x64
7uninst.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ty.dll
windows7-x64
3$PLUGINSDI...ty.dll
windows10-2004-x64
3Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7aa3d4c90df3fb7f9a09ed9953dbaca171b90f2d6dc80816c6775174a5e0f159.exe
Resource
win7-20240705-en
windows7-x64
10 signatures
150 seconds
Behavioral task
behavioral2
Sample
7aa3d4c90df3fb7f9a09ed9953dbaca171b90f2d6dc80816c6775174a5e0f159.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
9 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Utility.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Utility.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$SYSDIR/CryptoKit.CertEnrollment.UD.x86.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$SYSDIR/CryptoKit.CertEnrollment.UD.x86.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
$SYSDIR/npCryptoKit.CertEnrollment.UD.x86.dll
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$SYSDIR/npCryptoKit.CertEnrollment.UD.x86.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
$WINDIR/System32/CryptoKit.CertEnrollment.UD.x64.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
$WINDIR/System32/CryptoKit.CertEnrollment.UD.x64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
CertEnrollmentHost.UD.x86.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral14
Sample
CertEnrollmentHost.UD.x86.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral15
Sample
uninst.exe
Resource
win7-20240708-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral16
Sample
uninst.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
6 signatures
150 seconds
Behavioral task
behavioral17
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral19
Sample
$PLUGINSDIR/Utility.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral20
Sample
$PLUGINSDIR/Utility.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
7aa3d4c90df3fb7f9a09ed9953dbaca171b90f2d6dc80816c6775174a5e0f159
-
Size
2.5MB
-
MD5
860cd4792be3ad19725c414531728345
-
SHA1
942bd671d653415bca5155a6ab3a0fb2c6f8853b
-
SHA256
7aa3d4c90df3fb7f9a09ed9953dbaca171b90f2d6dc80816c6775174a5e0f159
-
SHA512
368fdadf64630ceb1fd355ea05c92a78fd39709b1adc9df8b647e8a8db18c248bfce1d8adc2f3e01179c914970d1b0e0fb3f8099e3fb71f522665fdf17b2db9b
-
SSDEEP
49152:P09jGYiBRiJIpuGNtZwH6w8qEmNNeZmijT/kG1U2WiTRZRhmoht7S5/wiZ1hF:P0jZYiJZ8tZwYBmNudjDJ1ULWRLniZN
Score
3/10
Malware Config
Signatures
-
Unsigned PE 6 IoCs
Checks for missing Authenticode signature.
resource 7aa3d4c90df3fb7f9a09ed9953dbaca171b90f2d6dc80816c6775174a5e0f159 unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/Utility.dll unpack001/uninst.exe unpack002/$PLUGINSDIR/System.dll unpack002/$PLUGINSDIR/Utility.dll
Files
-
7aa3d4c90df3fb7f9a09ed9953dbaca171b90f2d6dc80816c6775174a5e0f159.exe windows:4 windows x86 arch:x86
56a78d55f3f7af51443e58e0ce2fb5f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 108KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
fc0224e99e736751432961db63a41b76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 662B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/Utility.dll.dll windows:5 windows x86 arch:x86
e94bd755e974f0e570e2969b9d725e70
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\agent\_work\290\s\CSP\Private\Src\Tools\Utility\Release\Utility.pdb
Imports
kernel32
WriteFile
GetLastError
SetLastError
CreateToolhelp32Snapshot
GetCurrentThreadId
OpenProcess
TerminateProcess
Process32NextW
WaitForMultipleObjects
CloseHandle
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
Process32FirstW
LocalAlloc
CreateFileA
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
advapi32
RegCloseKey
GetTraceEnableLevel
RegOpenKeyExW
UnregisterTraceGuids
GetTraceLoggerHandle
RegQueryValueExW
GetTraceEnableFlags
ControlTraceW
TraceEvent
RegisterTraceGuidsW
user32
wsprintfW
Exports
Exports
FindProc
GetOSVersion
KillProc
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/CryptoKit.CertEnrollment.UD.x86.dll.dll regsvr32 windows:5 windows x86 arch:x86
51a758e44f0043fcc9bbe55a9f8ad17d
Code Sign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0f:d6:db:25:2a:af:e3:c3:a6:80:a7:73:92:f0:70:4cCertificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before02/02/2023, 00:00Not After12/02/2026, 23:59SubjectCN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
c0:9b:2d:84:8b:d4:24:37:65:ac:d4:de:2b:54:d2:f9:c4:0d:f4:18Signer
Actual PE Digestc0:9b:2d:84:8b:d4:24:37:65:ac:d4:de:2b:54:d2:f9:c4:0d:f4:18Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\agent\_work\656\s\Toolkits\Private\Src\CryptoKits\CertEnrollment.UD\PackageInstallScript\x86\Release\CryptoKit.CertEnrollment.UD.x86.pdb
Imports
kernel32
InterlockedCompareExchange
IsProcessorFeaturePresent
lstrlenA
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetModuleHandleW
FormatMessageW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
GetLastError
SetLastError
LoadLibraryW
GetModuleHandleA
GetVersion
GetFileAttributesW
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
CloseHandle
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
WideCharToMultiByte
CreateFileW
GetFileSizeEx
ReadFile
DeleteFileW
WriteFile
GetTempPathW
FileTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FlushFileBuffers
HeapAlloc
HeapFree
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
Sleep
ExitProcess
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
HeapReAlloc
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
SetStdHandle
SetFilePointer
LCMapStringA
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
user32
GetCursorPos
PtInRect
TrackMouseEvent
InvalidateRect
CreateWindowExW
CallWindowProcW
GetDC
ReleaseDC
GetSystemMetrics
DrawTextW
GetUserObjectInformationW
GetProcessWindowStation
EndDialog
MessageBoxA
ScreenToClient
SetWindowLongW
DialogBoxParamW
DefWindowProcW
LoadStringW
CharNextW
GetActiveWindow
GetForegroundWindow
DestroyWindow
BringWindowToTop
UnregisterClassA
SendMessageW
EndPaint
FillRect
ShowWindow
BeginPaint
LoadImageW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetParent
GetClientRect
MapWindowPoints
GetDlgItem
SetWindowPos
GetDesktopWindow
GetWindowRect
advapi32
UnregisterTraceGuids
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptCreateHash
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptGetHashParam
CryptEnumProvidersW
CryptGetKeyParam
CryptSetKeyParam
CryptImportKey
CryptGenKey
CryptExportKey
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExW
ControlTraceW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptGenRandom
TraceEvent
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptGetUserKey
CryptAcquireContextW
CryptGetProvParam
ole32
CoCreateGuid
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
oleaut32
SysStringByteLen
VarUI4FromStr
SysStringLen
LoadRegTypeLi
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
LoadTypeLi
SysAllocString
SysFreeString
crypt32
CryptDecryptMessage
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CryptExportPublicKeyInfo
CertCreateCertificateContext
CertNameToStrW
CertFindExtension
CryptDecodeObjectEx
CertVerifyTimeValidity
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CryptEncodeObject
gdiplus
GdipCreateFromHDC
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdiplusStartup
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdiplusShutdown
GdipFree
GdipDeleteGraphics
gdi32
SetBkMode
CreateSolidBrush
CreateFontIndirectW
GetObjectW
GetDeviceCaps
BitBlt
RoundRect
CreatePen
GetStockObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SetTextColor
shlwapi
PathFileExistsW
StrStrIW
msimg32
GradientFill
cryptui
CryptUIDlgViewCertificateW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 776KB - Virtual size: 776KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 234KB - Virtual size: 234KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/npCryptoKit.CertEnrollment.UD.x86.dll.dll windows:5 windows x86 arch:x86
ca37ec13dab380d1cfb798650b0a78ec
Code Sign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0f:d6:db:25:2a:af:e3:c3:a6:80:a7:73:92:f0:70:4cCertificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before02/02/2023, 00:00Not After12/02/2026, 23:59SubjectCN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
a5:fd:9c:65:06:17:d7:df:fa:b8:71:73:5f:67:2b:65:89:92:dc:8fSigner
Actual PE Digesta5:fd:9c:65:06:17:d7:df:fa:b8:71:73:5f:67:2b:65:89:92:dc:8fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\agent\_work\656\s\Toolkits\Private\Src\CryptoKits\CertEnrollment.UD\PackageInstallScript\x86\Release\npCryptoKit.CertEnrollment.UD.x86.pdb
Imports
kernel32
GlobalUnlock
GlobalFree
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GlobalLock
RtlUnwind
HeapFree
HeapAlloc
Sleep
ExitProcess
SetConsoleCtrlHandler
HeapReAlloc
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GlobalAlloc
TlsAlloc
TlsSetValue
TlsFree
LCMapStringW
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetConsoleCP
VirtualAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
SetStdHandle
SetFilePointer
LCMapStringA
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
OutputDebugStringA
GetFileAttributesW
GetVersion
GetModuleHandleW
GetModuleHandleA
FlushFileBuffers
GetFileSizeEx
FreeResource
LoadResource
SizeofResource
FindResourceW
InterlockedCompareExchange
IsProcessorFeaturePresent
FormatMessageW
MultiByteToWideChar
lstrlenA
SetLastError
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
GetVersionExW
GetTempPathW
WriteFile
DeleteFileW
CloseHandle
ReadFile
CreateFileW
WideCharToMultiByte
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetModuleFileNameW
TlsGetValue
GetCommandLineA
LocalAlloc
user32
GetCursorPos
EndDialog
EndPaint
FillRect
BeginPaint
ShowWindow
BringWindowToTop
SendMessageW
GetForegroundWindow
GetActiveWindow
LoadStringW
PtInRect
TrackMouseEvent
InvalidateRect
CreateWindowExW
CallWindowProcW
GetDC
ReleaseDC
GetSystemMetrics
LoadImageW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetParent
GetClientRect
MapWindowPoints
GetDlgItem
SetWindowPos
GetWindowRect
ScreenToClient
SetWindowLongW
DialogBoxParamW
DefWindowProcW
CharNextW
DrawTextW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
UnregisterClassA
advapi32
CryptGetProvParam
CryptEnumProvidersW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
CryptCreateHash
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptGetHashParam
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
CryptGenKey
TraceEvent
CryptReleaseContext
CryptAcquireContextW
CryptGetUserKey
CryptDecrypt
CryptDestroyKey
ControlTraceW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
CryptExportKey
CryptSetKeyParam
CryptImportKey
CryptGenRandom
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptGetKeyParam
oleaut32
SysAllocString
SysStringByteLen
VarUI4FromStr
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
crypt32
CertDuplicateCertificateContext
CertGetNameStringW
CryptAcquireCertificatePrivateKey
CryptExportPublicKeyInfo
CryptDecryptMessage
CryptEncodeObject
CertVerifyTimeValidity
CryptDecodeObjectEx
CertFindExtension
CertNameToStrW
CertAddCertificateContextToStore
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCreateCertificateContext
CertOpenStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
msimg32
GradientFill
gdiplus
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipLoadImageFromStream
GdipCloneImage
GdipAlloc
gdi32
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreatePen
RoundRect
BitBlt
GetDeviceCaps
GetObjectW
CreateFontIndirectW
SetTextColor
SetBkMode
GetStockObject
ole32
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoCreateInstance
shlwapi
PathFileExistsW
StrStrIW
cryptui
CryptUIDlgViewCertificateW
Exports
Exports
NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown
Sections
.text Size: 802KB - Virtual size: 802KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$WINDIR/System32/CryptoKit.CertEnrollment.UD.x64.dll.dll regsvr32 windows:5 windows x64 arch:x64
2668f318ef318d1beeb4006b326ff5ad
Code Sign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0f:d6:db:25:2a:af:e3:c3:a6:80:a7:73:92:f0:70:4cCertificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before02/02/2023, 00:00Not After12/02/2026, 23:59SubjectCN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:52:d0:3a:a6:9c:d8:15:85:7e:a2:36:c7:7e:43:47:b3:4b:f2:22Signer
Actual PE Digest52:52:d0:3a:a6:9c:d8:15:85:7e:a2:36:c7:7e:43:47:b3:4b:f2:22Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\agent\_work\656\s\Toolkits\Private\Src\CryptoKits\CertEnrollment.UD\PackageInstallScript\x64\Release\CryptoKit.CertEnrollment.UD.x64.pdb
Imports
kernel32
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
lstrlenA
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetModuleHandleW
FormatMessageW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
GetLastError
SetLastError
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
CloseHandle
LoadLibraryA
FlushConsoleInputBuffer
WideCharToMultiByte
CreateFileW
ReadFile
DeleteFileW
WriteFile
GetTempPathW
FileTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FlushFileBuffers
HeapAlloc
HeapFree
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsSetValue
GetCommandLineA
Sleep
ExitProcess
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
HeapReAlloc
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
SetStdHandle
SetFilePointer
LCMapStringA
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
user32
PtInRect
TrackMouseEvent
InvalidateRect
CreateWindowExW
GetWindowLongPtrW
CallWindowProcW
GetDC
ReleaseDC
GetSystemMetrics
DrawTextW
GetUserObjectInformationW
GetProcessWindowStation
BeginPaint
GetCursorPos
GetWindowRect
ScreenToClient
SetWindowLongPtrW
DialogBoxParamW
DefWindowProcW
LoadStringW
CharNextW
GetActiveWindow
GetForegroundWindow
DestroyWindow
UnregisterClassA
ShowWindow
BringWindowToTop
EndDialog
EndPaint
MessageBoxW
FillRect
SendMessageW
LoadImageW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetParent
GetClientRect
MapWindowPoints
GetDlgItem
GetDesktopWindow
SetWindowPos
advapi32
ReportEventW
RegisterEventSourceW
CryptCreateHash
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptGetHashParam
CryptEnumProvidersW
CryptGetKeyParam
CryptSetKeyParam
CryptImportKey
CryptGenKey
CryptExportKey
CryptGenRandom
UnregisterTraceGuids
RegisterTraceGuidsW
CryptGetProvParam
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExW
ControlTraceW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
TraceEvent
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptGetUserKey
CryptAcquireContextW
RegDeleteKeyW
RegDeleteValueW
DeregisterEventSource
ole32
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoInitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
oleaut32
SysStringByteLen
VarUI4FromStr
SysStringLen
LoadRegTypeLi
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
LoadTypeLi
SysAllocString
SysFreeString
crypt32
CryptDecryptMessage
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CryptExportPublicKeyInfo
CertNameToStrW
CertFindExtension
CryptDecodeObjectEx
CertVerifyTimeValidity
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCreateCertificateContext
CryptAcquireCertificatePrivateKey
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CryptEncodeObject
gdiplus
GdipDeleteGraphics
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipFree
GdipDrawImageRectRectI
gdi32
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
GetDeviceCaps
BitBlt
CreateSolidBrush
CreatePen
GetStockObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
RoundRect
shlwapi
PathFileExistsW
StrStrIW
msimg32
GradientFill
cryptui
CryptUIDlgViewCertificateW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 930KB - Virtual size: 929KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 293KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 146KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CertEnrollmentHost.UD.x86.exe.exe windows:5 windows x86 arch:x86
a0317d6a1c8269d30580c31387571cb2
Code Sign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0f:d6:db:25:2a:af:e3:c3:a6:80:a7:73:92:f0:70:4cCertificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before02/02/2023, 00:00Not After12/02/2026, 23:59SubjectCN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
26:19:ff:4f:03:cc:f0:56:28:ac:df:51:c0:fb:6e:34:c7:44:e6:acSigner
Actual PE Digest26:19:ff:4f:03:cc:f0:56:28:ac:df:51:c0:fb:6e:34:c7:44:e6:acDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\agent\_work\656\s\Toolkits\Private\Src\CryptoKits\CertEnrollment.UD\PackageInstallScript\x86\Release\CertEnrollmentHost.UD.x86.pdb
Imports
kernel32
LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
RtlUnwind
Sleep
ExitProcess
SetConsoleCtrlHandler
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
TlsAlloc
TlsSetValue
TlsFree
LCMapStringW
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
InitializeCriticalSectionAndSpinCount
VirtualAlloc
GetConsoleCP
SetStdHandle
SetFilePointer
LCMapStringA
CreateFileA
HeapSize
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
LeaveCriticalSection
lstrcmpiW
lstrlenW
OutputDebugStringA
GetFileAttributesW
FlushFileBuffers
GetFileSizeEx
FreeResource
LoadResource
SizeofResource
FindResourceW
GetVersionExW
GetTempPathW
WriteFile
DeleteFileW
ReadFile
CreateFileW
WideCharToMultiByte
InterlockedCompareExchange
IsProcessorFeaturePresent
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetModuleFileNameW
SetLastError
FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA
CloseHandle
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
GetCurrentThreadId
TlsGetValue
IsDebuggerPresent
LocalAlloc
user32
BeginPaint
ShowWindow
BringWindowToTop
SendMessageW
LoadImageW
GetWindow
GetWindowLongW
MonitorFromWindow
GetForegroundWindow
GetActiveWindow
LoadStringW
FillRect
EndPaint
EndDialog
GetCursorPos
PtInRect
TrackMouseEvent
InvalidateRect
CreateWindowExW
GetMonitorInfoW
GetParent
GetClientRect
MapWindowPoints
GetDlgItem
SetWindowPos
GetWindowRect
ScreenToClient
SetWindowLongW
DialogBoxParamW
DefWindowProcW
CharNextW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
CallWindowProcW
GetDC
ReleaseDC
GetSystemMetrics
DrawTextW
UnregisterClassA
advapi32
ReportEventA
RegisterEventSourceA
CryptGetKeyParam
CryptGetProvParam
CryptEnumProvidersW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
CryptCreateHash
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptGetHashParam
RegQueryInfoKeyW
TraceEvent
CryptReleaseContext
CryptAcquireContextW
CryptGetUserKey
CryptDecrypt
CryptDestroyKey
ControlTraceW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegEnumKeyExW
RegDeleteValueW
CryptGenKey
CryptExportKey
CryptSetKeyParam
CryptImportKey
CryptGenRandom
DeregisterEventSource
oleaut32
SysAllocString
SysStringByteLen
VarUI4FromStr
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
crypt32
CertDuplicateCertificateContext
CertGetNameStringW
CryptAcquireCertificatePrivateKey
CryptExportPublicKeyInfo
CryptDecryptMessage
CryptEncodeObject
CertVerifyTimeValidity
CryptDecodeObjectEx
CertFindExtension
CertNameToStrW
CertAddCertificateContextToStore
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCreateCertificateContext
CertOpenStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
msimg32
GradientFill
gdiplus
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipLoadImageFromStream
GdipCloneImage
GdipAlloc
gdi32
DeleteObject
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateSolidBrush
GetStockObject
CreatePen
RoundRect
GetObjectW
CreateFontIndirectW
SetTextColor
SetBkMode
SelectObject
ole32
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoCreateInstance
shlwapi
PathFileExistsW
StrStrIW
cryptui
CryptUIDlgViewCertificateW
Sections
.text Size: 828KB - Virtual size: 828KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 251KB - Virtual size: 250KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
com.cfca.CertEnrollmentHost.UD-firefox.json
-
com.cfca.CertEnrollmentHost.UD-win.json
-
uninst.exe.exe windows:4 windows x86 arch:x86
56a78d55f3f7af51443e58e0ce2fb5f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 108KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
fc0224e99e736751432961db63a41b76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 662B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/Utility.dll.dll windows:5 windows x86 arch:x86
e94bd755e974f0e570e2969b9d725e70
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\agent\_work\290\s\CSP\Private\Src\Tools\Utility\Release\Utility.pdb
Imports
kernel32
WriteFile
GetLastError
SetLastError
CreateToolhelp32Snapshot
GetCurrentThreadId
OpenProcess
TerminateProcess
Process32NextW
WaitForMultipleObjects
CloseHandle
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
Process32FirstW
LocalAlloc
CreateFileA
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
advapi32
RegCloseKey
GetTraceEnableLevel
RegOpenKeyExW
UnregisterTraceGuids
GetTraceLoggerHandle
RegQueryValueExW
GetTraceEnableFlags
ControlTraceW
TraceEvent
RegisterTraceGuidsW
user32
wsprintfW
Exports
Exports
FindProc
GetOSVersion
KillProc
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ