Archive installation[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Archive installation.rar
Size

2.8MB
MD5

9fb05de522c81603008ec77846048957
SHA1

50cffd88c9fe853a3e2a3a5000115f800fd10385
SHA256

c72770b51bc048bc660d8dd23d5c5dab5addd9d5dc604d9d7f434b88acb71359
SHA512

bae3be3de9d5d14d5a7a23326b08d6e772a7c38e439578cbf66bd382c048a51a4a9f95704fa56ad5e948e3b735f275738676bb07f46e203d60d974be19ea82c5
SSDEEP

49152:ydPMKjtjU6dPz6cNxa8KX6LDewzHgGTMtX5cAFGRzbEc4EntpG9:+TpDPRDT4XwzHgGIFKtzbEdEvG9

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Archive installation/Installer.exe
unpack001/Archive installation/ssleay32.dll
unpack001/Archive installation/version.dll

Files

Archive installation.rar
.rar

Password: crackpass
Archive installation/05/050ee8116a49e7788e4191a22417b59b4eba8456
Archive installation/05/0556f8b2dc424e7368b4ab9f8a315aa26982e3fc
Archive installation/05/056393a33a9633685c3dc3be2887f5cbd7dbc63f
Archive installation/05/057ab504f5f407ecca355b4b79a0e1c1f75060cf
Archive installation/05/058c46ac658ac3657b31d5395ecec39bf1146b39
Archive installation/05/05baaf5ed0cbdab08292b3962e1b1385e13b9dba
Archive installation/05/05bb8272e6d747d0f94025d4078c2649a889c877
Archive installation/05/05f429069e65d78f7e6609d070a3f294cc3128ab
Archive installation/0c/0c020c5e6a49609c4585654e92b3cfed07558507
Archive installation/0c/0c42b94014a3b58e1ae24defb6beaeb84011f9b8
Archive installation/0c/0c548af9a197ecb01293fea959b3aeba5facf56c
Archive installation/0c/0c6bb010b1b50f592881a1f858d5db5f0a181f22
Archive installation/0c/0c6cb9f73193e345654d12d929d040e72552dd74
Archive installation/0c/0c7bc9616e7cb18b994e01642be868b5e05fd8a3
Archive installation/0c/0c918eebe2806c47fb406527dffdb54939490324
Archive installation/0c/0cb4d27eb86fa2cb33047c3117c82f57ecaa7809
Archive installation/0c/0cb553eb257614ee1a58e57f8d1c292e9cd393c2
Archive installation/0c/0cc576cae7a4c2e2bb969f545ba09a1d4f746e4f
Archive installation/0c/0cd209ea16b052a2f445a275380046615d20775e
Archive installation/0d/0d1862217e8aa9f56768053fa2dabb7956ba9b3a
Archive installation/0d/0d1f43515acec95900f8f63e24181357b1a3913f
Archive installation/0d/0d49fd8c436e66eb5af3a1c0244d20606e4f7716
Archive installation/0d/0d79b43129dc37508ccc97069839667817b406cf
Archive installation/0d/0dc9c8a2206a953c2d3a17ee61c2c676bf92f9eb
Archive installation/0d/0dd9e291f62759f032b893ef5e7b0c22d3345c14
Archive installation/0d/0df757ca882a89072e68a2c71863d97e112b8381
Archive installation/7c/7c0780f28fd89565666f69131e98ca72aa739c05
Archive installation/7c/7c25657256bceffc4832873cbbe75bf445331c72
Archive installation/7c/7c58d79a33c20c776c6f592b80e96305034c6dbe
Archive installation/7c/7c6d3020a1a11e34e722cc7e5283de54ca8cae19
Archive installation/7c/7c7d7bf29ea726cd547bff1e168e6417d62a0bbe
Archive installation/7c/7c8b86a7d33ff1b78bcf6e867386c1e5e047d08e
Archive installation/7c/7c8f2ffac9470cbd75cb668797714c3602bc3ebe
Archive installation/7c/7c913182e2d4ddba07c784252a52c12f6bd9e326
Archive installation/7c/7cad63868714143ffd5c22b70a741dd99ede4959
Archive installation/7c/7caf120473d3407872187d921c9b6309e2a61da1
Archive installation/7c/7ce2d8b2748ebef2e1492e7712631fe6746f2afd
Archive installation/7c/7cebcca3cdbb5d736d2f56e0a0f37537d877d47c
Archive installation/9d/9d0345692ed5e6192fb2ae8463a19cb9ee983a63
Archive installation/9d/9d034bf3ba36b297487b2380b908713982a83a3a
Archive installation/9d/9d08fbffdce80de89f68e58d17b44645cf867e20
Archive installation/9d/9d227a57c026c16a279d9c6a9a6ec5eb37890ba1
Archive installation/9d/9d485556b89bf776042080774679c37300bc744b
Archive installation/9d/9dc2dc677905c29fa35138a3bdaec7dac777c30a
Archive installation/9d/9dd32387135eefa7ab95996d52a5ca4cec8a3b30
.png

Password: crackpass
Archive installation/9d/9de75e25e57b327074f50fefd60bff0589702f19
Archive installation/AavmRpch.dll
.dll windows:5 windows x86 arch:x86

Password: crackpass

7f66b15141d8f2e4679d8b1c52184e46

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2013, 00:00

Not After

04/06/2014, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:7e:4d:32:be:4f:16:11:d6:ca:a1:e0:3e:8e:b6:a8:ce:3b:27:d5
Signer

Actual PE Digest

4b:7e:4d:32:be:4f:16:11:d6:ca:a1:e0:3e:8e:b6:a8:ce:3b:27:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Avast900\src\BUILDS\Release\x86\AavmRpch.pdb

Imports

rpcrt4

RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcSsDestroyClientContext
NdrPointerUnmarshall
NdrComplexStructUnmarshall
NdrFullPointerXlatInit
NdrConformantStringMarshall
NdrConvert
NdrClientContextUnmarshall
NdrSendReceive
NdrConformantStringUnmarshall
NDRCContextBinding
NdrFullPointerXlatFree
NdrConformantArrayUnmarshall
NdrConformantVaryingArrayUnmarshall
NdrConformantStringBufferSize
NdrPointerBufferSize
NdrGetBuffer
NdrClientContextMarshall
NdrFreeBuffer
NdrSimpleStructMarshall
NdrSimpleTypeMarshall
NdrConformantArrayBufferSize
NdrPointerMarshall
NdrClientInitializeNew
RpcRaiseException
NdrConformantArrayMarshall

kernel32

OpenFileMappingW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
CreateFileMappingW
OpenSemaphoreW
CreateSemaphoreW
OpenEventW
CreateEventW
OpenMutexW
CreateMutexW
SetLastError
DeviceIoControl
CloseHandle
CreateFileW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
GetProcessHeap

advapi32

MakeSelfRelativeSD
GetSecurityDescriptorControl

msvcr110

?terminate@@YAXXZ
__clean_type_info_names_internal
__crtTerminateProcess
_amsg_exit
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_malloc_crt
_except_handler4_common
_CxxThrowException
memset
__CxxFrameHandler3
memcpy
_initterm
??3@YAXPAX@Z
memmove
memcpy_s
??2@YAPAXI@Z
memmove_s
_wcsicmp
_purecall
free
swprintf_s
malloc
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter

msvcp110

?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z

Exports

Exports

AavmGetInstalledAvastProductMask
AavmRpcAccountPairDevice
AavmRpcAdBlockerInstallPlugin
AavmRpcAdBlockerUninstallPlugin
AavmRpcAddCounter
AavmRpcAswRdrChangePid
AavmRpcBtsSchedule
AavmRpcChangeExcludedHash
AavmRpcCheckBlacklistCustomerNo
AavmRpcCheckBlacklistLicenseId
AavmRpcControlFirewallService
AavmRpcCopyTaskDefinition
AavmRpcCreateBinding
AavmRpcCreateTask
AavmRpcCreateTaskAccordingParam
AavmRpcDeleteCustomSounds
AavmRpcDeleteFile
AavmRpcDeleteResult
AavmRpcDeleteSession
AavmRpcDeleteSessionType
AavmRpcDeleteTask
AavmRpcDestroyBinding
AavmRpcDisableSelfDefense
AavmRpcDiskReadBenchmark
AavmRpcFirewallGetStatus
AavmRpcFirewallStart
AavmRpcFirewallStop
AavmRpcGetATAdiskInfo
AavmRpcGetAtlStringFromCache
AavmRpcGetAvastAccountStatusPackage
AavmRpcGetGlobalState
AavmRpcGetLastScanDate
AavmRpcGetLastScannedItems
AavmRpcGetMailCertificate
AavmRpcGetObjectNamePrefix
AavmRpcGetProductInfo
AavmRpcGetProviderData
AavmRpcGetProviderFromName
AavmRpcGetProviderInfoList
AavmRpcGetProviderList
AavmRpcGetSharedObjectApi
AavmRpcGetStringFromCache
AavmRpcGetVersion
AavmRpcGetVpsInfo
AavmRpcGetVpsProperty
AavmRpcHttpGet
AavmRpcImexExportSettings
AavmRpcImexImportSettings
AavmRpcImexUnpackPackage
AavmRpcInstallSoundPack
AavmRpcIsPasswordEmpty
AavmRpcIsProductExpired
AavmRpcIsValueInCache
AavmRpcJumpshotBoot
AavmRpcJumpshotCreateCD
AavmRpcJumpshotCreateUSB
AavmRpcJumpshotGetCdDevices
AavmRpcJumpshotGetScanFrequency
AavmRpcJumpshotGetUsbDevices
AavmRpcJumpshotRebootCheck
AavmRpcJumpshotRequestToken
AavmRpcJumpshotStartScan
AavmRpcJumpshotStoreToken
AavmRpcJumpshotWindowsUpdatePending
AavmRpcKillSidebar
AavmRpcMailScan
AavmRpcMailScanFree
AavmRpcMailScanInit
AavmRpcMoveFileEx
AavmRpcNetAlert
AavmRpcNgSnxNotificationCallback
AavmRpcOpenClosePwd
AavmRpcPasswordCheck
AavmRpcPauseShields
AavmRpcProcessActivationCode
AavmRpcProviderDataChanged
AavmRpcProviderPause
AavmRpcProviderResume
AavmRpcProviderStart
AavmRpcProviderStop
AavmRpcProviderUpdateConfiguration
AavmRpcQueryThreatObjects
AavmRpcRegisterRestartableProcess
AavmRpcRemoveLicenseFile
AavmRpcRequestARLicense
AavmRpcRequestDemoLicenseFile
AavmRpcRequestUpgradeLicenseFile
AavmRpcResetToFactorySettings
AavmRpcResumeShields
AavmRpcRunComponent
AavmRpcRunSystemComponent
AavmRpcScanFile
AavmRpcSetLicenseFileCommon
AavmRpcSetMirrorInfo
AavmRpcSetProperty
AavmRpcSetPropertyInt
AavmRpcSetProviderProperty
AavmRpcSetProviderPropertyInt
AavmRpcSetProxySettings
AavmRpcSetRegistrationInfo
AavmRpcSetStringInCache
AavmRpcSetTaskProperty
AavmRpcSetTaskPropertyInt
AavmRpcSetUserPublicPropertyInt
AavmRpcShredFileList
AavmRpcShredFreeSpace
AavmRpcShredPartition
AavmRpcSpamChangeEmailsList
AavmRpcSpamCheck
AavmRpcSpamFree
AavmRpcSpamGetEmailsList
AavmRpcSpamInit
AavmRpcStartOfferTool
AavmRpcStartScan
AavmRpcStartShields
AavmRpcStopShields
AavmRpcStopShredder
AavmRpcStringDecrypt
AavmRpcSubmitFile
AavmRpcTransferDataBlock
AavmRpcUnregisterRestartableProcess
AavmRpcUpdateScanFlags
AavmRpcUpdateScanResult
AavmRpcUpdateSessionFlags
AavmRpcUpgradeEdition
AavmRpcWebRepInstallPlugin
AavmRpcWebRepUninstallPlugin
VpnBeginActivateLicense
VpnBeginActivateLicenseUsingLicenseID
VpnBeginConnectToClosestServer
VpnBeginConnectToServer
VpnBeginDisconnectFromServer
VpnBeginPingServer
VpnBeginPingServers
VpnBeginRefreshServerList
VpnGetServerCount
VpnGetServerList
VpnGetStatus
VpnOnInternetConnectivityAvailable
VpnRefreshServerList

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/AhAScr.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Password: crackpass

f7f291b80d7db7994c7e4d25d04561db

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2013, 00:00

Not After

04/06/2014, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:48:8b:3d:8f:ee:04:ca:28:14:11:40:d7:3d:da:cd:58:88:f1:d7
Signer

Actual PE Digest

8b:48:8b:3d:8f:ee:04:ca:28:14:11:40:d7:3d:da:cd:58:88:f1:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Avast900\src\BUILDS\Release\x86\AhAScr.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSection
GetCommandLineW
GetPrivateProfileIntW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetThreadLocale
SetThreadLocale
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
IsBadReadPtr
GetVersionExW
MapViewOfFile
CloseHandle
UnmapViewOfFile
LocalFree
WaitForSingleObject
FindResourceW
CreateFileW
DeviceIoControl
SetLastError
CreateMutexW
CreateFileMappingW
WideCharToMultiByte
GetCurrentProcessId
GetShortPathNameW
lstrcpyW
lstrcatW
GetTempPathW
GetTempFileNameW
WriteFile
DeleteFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetStringTypeW
SetEndOfFile
ReadFile
ReleaseMutex
ReadConsoleW
SetFilePointerEx
LCMapStringW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapAlloc
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RtlUnwind
ExitProcess
GetModuleHandleExW
GetStdHandle
GetProcessHeap
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
Sleep
GetConsoleCP
GetConsoleMode
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfW
CharNextW

advapi32

GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
MakeSelfRelativeSD

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemFree

oleaut32

LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/AhResMai.dll
.dll windows:5 windows x86 arch:x86

Password: crackpass

f92970a5f94c5d5ea1ab52e4781404c1

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2013, 00:00

Not After

04/06/2014, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:ae:50:d8:29:d5:6f:a0:8b:33:1c:43:0d:6e:7f:7d:09:c5:a4:a8
Signer

Actual PE Digest

df:ae:50:d8:29:d5:6f:a0:8b:33:1c:43:0d:6e:7f:7d:09:c5:a4:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Avast900\src\BUILDS\Release\x86\AhResMai.pdb

Imports

kernel32

CreateEventW
CreateThread
GetModuleFileNameW
UnmapViewOfFile
CloseHandle
TerminateThread
GetProcessHeap
HeapFree
GetLastError
LoadLibraryExW
MapViewOfFile
Sleep
FreeLibrary
HeapAlloc
GetFileAttributesW
ReleaseMutex
WaitForSingleObject
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SetEvent
GetThreadLocale
GetDateFormatW
GetProcAddress
FileTimeToSystemTime
QueryPerformanceCounter
IsDebuggerPresent

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

aswcmnbs

secOpenSharedEvent
secCreateSharedEvent
secCreateSharedMutex
secCreateSharedFileMapping
fsGetAvastProgramPath

aavm4h

AavmGetVpsFileTime
AavmProviderStatusChanged
AavmProviderRegister
AavmGetProviderInfoList

ashbase

_basCreatePath@16
_basIsComponentInstalled@4

aswproperty

aswPropertyFreeLibrary
?GetProperty@settings@asw@@YAKPB_WPAH@Z
?GetProviderProperty@settings@asw@@YAKPB_W0PAH@Z
aswPropertyInitLibrary
?GetProperty@settings@asw@@YAKPB_WPA_WI@Z

msvcp110

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z

msvcr110

memset
?terminate@@YAXXZ
__clean_type_info_names_internal
_CxxThrowException
__CxxFrameHandler3
memcpy
_except_handler4_common
??3@YAXPAX@Z
_snwprintf
memmove
_purecall
??2@YAPAXI@Z
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e

Exports

Exports

AvResDeinitialize
AvResGetConfiguration
AvResGetHProvider
AvResGetVersion
AvResInitialize
AvResPause
AvResResume
AvResRun
AvResStop
AvResUpdateConfiguration
GetState
g_hProvider
g_sConfigData
g_szVPSDate
x_GetVPSDate
x_SetServiceStateDirect

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/AhResStd.dll
.dll windows:5 windows x86 arch:x86

Password: crackpass

e8a6e3f5c20ee268d17e515f75943aad

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2013, 00:00

Not After

04/06/2014, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:0a:9b:95:bf:29:9e:e5:06:97:a5:fb:0f:ba:d2:2d:fc:14:49:eb
Signer

Actual PE Digest

85:0a:9b:95:bf:29:9e:e5:06:97:a5:fb:0f:ba:d2:2d:fc:14:49:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Avast900\src\BUILDS\Release\x86\AhResStd.pdb

Imports

kernel32

CreateFileW
GetProcAddress
CloseHandle
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentThreadId
ReadFile
GetFileAttributesW
GetVersionExW
TerminateThread
LoadLibraryW
GetProcessHeap
GetLogicalDrives
WaitForSingleObject
HeapFree
LoadLibraryExW
HeapAlloc
FreeLibrary
GetDriveTypeW
CreateThread
GetFileSize
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer

user32

wsprintfW

advapi32

RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyW

aavm4h

FilterComm_Send
AavmGetDllCachePath
AavmProviderRegister
AavmGetScannerExtensionsDllPath
AavmGetVpsProperty
AavmDecreaseProcessPriority
aavmFltIsPresent
AavmIncreaseProcessPriority
aavmFltCheckMgrService

ashbase

_basGetStringValue@16
_basIsOtherAVInstalled@4
_basGetBaseLang@0
_basLogEvent2@24

aswproperty

?GetProviderProperty@settings@asw@@YAKPB_W0PAH@Z
?ReturnProperty@settings@asw@@YAHW4PropertyStore@12@PB_W1H@Z
aswPropertyFreeLibrary
?GetProperty@settings@asw@@YAKPB_WPA_WI@Z
?GetProperty@settings@asw@@YAKPB_WPAH@Z
aswPropertyInitLibrary

msvcp110

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z

aswcmnbs

DSA_FileVerify
secCreateSharedEvent

msvcr110

__dllonexit
memcpy
_CxxThrowException
__clean_type_info_names_internal
__CxxFrameHandler3
?terminate@@YAXXZ
_except_handler4_common
_initterm_e
??3@YAXPAX@Z
wcschr
_wcsicmp
memmove
free
_swprintf
wcsncpy
wcsrchr
_purecall
_wcsupr
wcstok
_wcsdup
??2@YAPAXI@Z
??_V@YAXPAX@Z
_lock
_unlock
_calloc_crt
memset
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
??1type_info@@UAE@XZ
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm

Exports

Exports

AvResDeinitialize
AvResInitialize
AvResPause
AvResResume
AvResRun
AvResStop
AvResUpdateConfiguration

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/Installer.exe
.exe windows:4 windows x86 arch:x86

Password: crackpass

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MSG.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

Password: crackpass

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15/01/2021, 00:00

Not After

14/01/2046, 23:59

Subject

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15/07/2021, 00:00

Not After

14/07/2031, 23:59

Subject

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Not Before

13/08/2021, 00:00

Not After

29/10/2024, 23:59

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:57:8c:7c:68:8b:18:66:50:3e:ca:01:8e:c9:25:ce:98:4d:c3:92:f9:6d:09:57:64:2e:4c:79:0e:24:5a:52
Signer

Actual PE Digest

3a:57:8c:7c:68:8b:18:66:50:3e:ca:01:8e:c9:25:ce:98:4d:c3:92:f9:6d:09:57:64:2e:4c:79:0e:24:5a:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/aavm4h.dll
.dll windows:5 windows x86 arch:x86

Password: crackpass

97a0712bc4e921b8bfbd938886d832b9

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/05/2014, 00:00

Not After

03/06/2015, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:8a:8d:40:4f:9b:ad:9c:ae:87:1e:72:0e:50:38:2a:52:62:b6:7f
Signer

Actual PE Digest

f0:8a:8d:40:4f:9b:ad:9c:ae:87:1e:72:0e:50:38:2a:52:62:b6:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Workspace\Recondition_Avast900\src\BUILDS\Release\x86\Aavm4h.pdb

Imports

psapi

GetModuleFileNameExW
EnumProcessModules

crypt32

CertDeleteCertificateFromStore
CertAddEncodedCertificateToStore
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore

kernel32

DeleteTimerQueueTimer
TerminateThread
ReleaseSemaphore
TlsFree
GetSystemTimeAsFileTime
Sleep
TlsGetValue
ExpandEnvironmentStringsW
FormatMessageW
CreateEventA
OpenEventW
GetTickCount
GetFileTime
CompareFileTime
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
GetSystemTime
SystemTimeToFileTime
GetPriorityClass
SetPriorityClass
lstrcpynW
GetDriveTypeW
GetModuleFileNameW
TerminateProcess
WideCharToMultiByte
WriteFile
GetComputerNameExW
CreateProcessW
GetExitCodeProcess
InterlockedExchange
InterlockedCompareExchange
ProcessIdToSessionId
CreateFileMappingW
OpenFileMappingW
GetCurrentThreadId
GetFileSize
SetFilePointer
GetDateFormatW
GetTimeFormatW
SetEndOfFile
HeapReAlloc
IsBadReadPtr
GetWindowsDirectoryW
QueryPerformanceCounter
MoveFileExW
GetCurrentThread
DuplicateHandle
FlushFileBuffers
GetLocalTime
SetLastError
RaiseException
LoadLibraryExA
MultiByteToWideChar
PulseEvent
MapViewOfFile
lstrlenW
lstrcatW
GetComputerNameW
GetVersionExW
LoadLibraryExW
GetLastError
CreateIoCompletionPort
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
TlsAlloc
GetSystemInfo
GetSystemDirectoryW
SetErrorMode
SetThreadPriority
ReleaseMutex
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetCurrentProcessId
lstrcmpW
CancelWaitableTimer
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerW
GetCurrentProcess
SetProcessWorkingSetSize
lstrcpyW
GetProcessTimes
SetProcessAffinityMask
ResumeThread
CreateDirectoryW
GetTempPathW
OpenProcess
HeapAlloc
HeapFree
GetProcessHeap
ResetEvent
WaitForSingleObject
OutputDebugStringW
GetQueuedCompletionStatus
TlsSetValue
FindClose
FindNextFileW
DeleteFileW
FormatMessageA
OpenEventA
HeapSize
HeapDestroy
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetModuleHandleA
GetNativeSystemInfo
CreatePipe
GetFileSizeEx
GetOverlappedResult
GetStdHandle
SetHandleInformation
CreateNamedPipeW
GetStartupInfoW
GetTimeZoneInformation
GetLogicalDrives
GetACP
GetOEMCP
GetSystemDefaultLCID
GetSystemDefaultLangID
GlobalMemoryStatusEx
QueryPerformanceFrequency
LoadLibraryW
GetVolumeInformationW
SetFileTime
ExitThread
VirtualFree
VirtualAlloc
GetVersion
GetDiskFreeSpaceW
MoveFileW
LocalFree
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
ReadFile
GetPrivateProfileStringW
GetPrivateProfileIntW
UnmapViewOfFile
CreateThread
FreeLibrary
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CloseHandle
TryEnterCriticalSection
CreateFileW
DeviceIoControl
SetEvent
InterlockedIncrement
InterlockedDecrement
FindFirstFileW
SetFilePointerEx

user32

GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
GetSysColor
GetDialogBaseUnits
GetKeyboardLayout
GetKeyboardType
GetDoubleClickTime
GetCaretBlinkTime
GetMessagePos
GetInputState
AllowSetForegroundWindow
GetCaretPos
GetCursorPos
GetActiveWindow
GetCapture
GetClipboardOwner
GetForegroundWindow
GetFocus
GetDesktopWindow
CreateDesktopW
OpenDesktopW
GetClipboardViewer
LoadStringW
GetSystemMetrics
FindWindowW
WaitForInputIdle
wsprintfW

advapi32

EnumDependentServicesW
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
RegOpenKeyW
StartServiceW
ControlService
OpenThreadToken
RegOpenCurrentUser

aswcmnbs

fsGetAvastLogPath
GetHardwareId
secOpenSharedEvent
fsGetAvastProgramPath
fsGetAvastDataPath
ldrIsLoaderLockHeld
usnOpenTracker
usnSaveAll
usnCloseTracker
secCreateSharedEvent
secCreateSharedSemaphore
secCreateSharedFileMapping
secCreateSharedMutex
fsGetAvastLicenseFile
sha256GenerateFromName
secOpenSharedFileMapping
ConvertNtPathToDosPath
usnGetMaskFileCheckpoint
usnDeleteFileCheckpoint
secIsProcessTrusted
DSA_FileVerify
strMatchesWildcards
secOpenSharedSemaphore
usnCreateFileCheckpoint
cmnbInit
cmnbFree
secOpenSharedMutex

aswcmnos

dep_fsRemoveFolderRecursive
dep_secGetPublicSecurity
dep_strUnicodeToNormal
dep_secSetPrivilege
dep_secRestorePrivilege
dep_strNormalToUnicode
dep_osGetSystemDir
dep_fsEnableWow64FsRedirection
dep_fsCreateFromHandle
dep_fsOpenFileX
dep_fsCloseFile
dep_strCurrToNewUtf8
dep_strFreeString
dep_osIsWin64
dep_fsReadFile
dep_fsSeekReadFile
dep_fsExtractDriveRoot

avastip

?fill_adapter@adapter_enumerator@ip@@AAE_NAAU_SFindAdapter@2@@Z
?free@hlpapi@ip@@QAEKXZ
?load@hlpapi@ip@@QAEKXZ
?ping@hlpapi@ip@@SAKABVsaddr@2@KAAU_SPingReply@12@@Z
?free@membuffer@ip@@QAEXXZ
?init@lib@ip@@QAEKXZ
?free@lib@ip@@QAEKXZ
?cleanup@winsock2@ip@@QAEKXZ
?start@winsock2@ip@@QAEKAAUWSAData@@@Z
?getnameinfo@winsock2@ip@@SAKABVsaddr@2@PAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1H@Z
?getaddrinfo@winsock2@ip@@SAKPB_WAAV?$vector@Vaddr@ip@@V?$allocator@Vaddr@ip@@@std@@@std@@0PAUaddrinfoW@@@Z
?find_first@adapter_enumerator@ip@@QAE_NAAU_SFindAdapter@2@K@Z

aswproperty

?SetProperty@settings@asw@@YAKPB_W_J@Z
?GetProperty@settings@asw@@YAKW4PropertyStore@12@PB_W11AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetProperty@settings@asw@@YAKPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
aswRegisterDataFolderEvent
?GetProperty@settings@asw@@YAKW4PropertyStore@12@PB_W11PA_WI@Z
?SetProperty@settings@asw@@YAKW4PropertyStore@12@PB_W1ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetProperty@settings@asw@@YAKW4PropertyStore@12@PB_W1HPAH@Z
aswSetTaskPropertyIntEx
aswSetTaskPropertyEx
aswCopyTaskDefinitionEx
?GetProviderProperty@settings@asw@@YAKPB_W0PAH@Z
?GetProviderProperty@settings@asw@@YAKPB_W0PA_WI@Z
aswPropertyFreeLibrary
?SetProviderProperty@settings@asw@@YAKPB_W00@Z
?SetProviderProperty@settings@asw@@YAKPB_W0H@Z
aswCreateTask
PropertyUsesDefaultValue
aswSetStringInLocalCache
aswGetStringFromLocalCache
aswDeleteTask
aswIsValueInLocalCache
aswPropertyInitLibrary
?GetProperty@settings@asw@@YAKPB_WPA_WI@Z
?ReturnProperty@settings@asw@@YAHW4PropertyStore@12@PB_W1H@Z
aswGetAtlStringFromLocalCache
?GetProperty@settings@asw@@YAKPB_WPAH@Z
?SetProperty@settings@asw@@YAKPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

aswengldr

avscanRepair
avscanScanReal
avscanSetScanFlags
avfilesDeleteS
avfilesPopulateUsn
avscanSetFilePublisherChecking
avscanGetScanFlags
avfilesFreeObjectNameBuffer
avfilesGetObjectNameW
avscanSetHeuristicsCallback
avldrDuplicateHandle
avldrGetDefinitionsFolder
avworkInitialize
avldrPostInstallProcessing
avldrGetHandleVersion
avldrCloseModule
avldrLoadModule
avldrCreateHandle
avscanTransferDataBlock
avupdateAvastAccount2
avscanIsBankingSite
avscanGetSiteCorrectEntry
avscanIsFileTrusted
avldrGetEngineInformation
avscanExtractAutorunTargets
avfilesFreeObjectName
avfilesCreateObjectName
avfilesEncodeObjectName
avfilesScanRealSingle
avscanSetPackersRestriction
avscanIsUntrustedSigPublisher
avscanGetWhitelistRecord
avscanSetSensitivity
avscanReportCertificates
avscanSetScanContext
avscanGetScanContext
avscanIsUrlBlocked
avscanIsTrustedSigPublisher
avscanGetFileSignature
BtsSchedule
avldrGetIniRecord
avscanSetPackerBombRanges
avscanEvalSandboxBinaryData
avscanEvalSandboxLog
avscanSetCrashCallback
avscanSetHashCalc
avscanEnableCloudServices
avscanSetCustomUIPopupCallback
avscanEvalInstrumentationDump
avldrLoadEngineAuxModule
avldrGetEngineModuleName

aavmrpch

AavmRpcScanFile
AavmRpcCreateBinding
AavmRpcDestroyBinding
AavmRpcGetVpsProperty
AavmRpcBtsSchedule
AavmRpcIsProductExpired
AavmRpcGetGlobalState
AavmRpcProviderStart
AavmRpcStartShields
AavmRpcStartScan
AavmRpcQueryThreatObjects
AavmRpcGetLastScanDate
AavmRpcProviderStop
AavmRpcStopShields
AavmRpcProviderPause
AavmRpcProviderResume
AavmRpcPauseShields
AavmRpcResumeShields
AavmRpcProviderDataChanged
AavmRpcProviderUpdateConfiguration
AavmRpcGetProviderList
AavmRpcGetProviderInfoList
AavmRpcCheckBlacklistCustomerNo
AavmRpcCheckBlacklistLicenseId
AavmRpcUpgradeEdition
AavmRpcStringDecrypt
AavmRpcOpenClosePwd

ashbase

_basInstallSoundPack@4
_basGetLicenseFile@8
_basSetRegistrationInfo@28
_basSendAutoRegInfo@8
_basGetRegistrationInfo@20
_basGetLicenseContent@20
_basInitThreadLocale@0
_basSubmitFile@36
_basGetProductMarkType@4
_basProductInfo@0
_basGetBaseLang@0
_notFree@0
_notRemEvent@4
_basResPwdClose@0
_basFreeLibrary@0
_notAddEventId@16
_notInit@0
_basResPwdOpen@0
_basInitThreadLocaleExt@4
_basIsComponentInstalled@4
_basInitLibrary@4
_basIsOtherAVInstalled@4
_basGetLanguage@4
_notEventId@8
_basShouldSubmit@4
_basLogEvent2@24
_basGetErrorType@4
_basCreatePath@16
_basGetDWORDValue@12
_basResetToFactorySettings@8
_basWebRepInstallPlugin@4
_basWebRepUninstallPlugin@4
_basAdBlockerInstallPlugin@4
_basAdBlockerUninstallPlugin@4
_basKillSidebar@8
_basNetAlert@16
_basRequestDemoLicenseFile@12
_basRequestARLicense@8
_basRequestUpgradeLicenseFile@8
_basProcessActivationCode@36
_basHttpGet@12
_basGetLicenseFileCommon@12
_basIsGUIDInFraction@4
_strDecrypt@16
_basGenerateExceptionReport@4
_basResPwdFlagsGet@0
_basResPwdFlagsSet@4
_basResPwdSet@4
_basResPwdDeletePassword@0
_basStoreBinaryValue@16
_strCrypt@20
_basResPwdCheck@4
_basResPwdIsEmpty@0
_basStringToSubmitPropertyArray@16
_basImexExportSettings@12
_basSetLicenseFileCommon@12
_basImexImportSettings@8
_basImexUnpackPackage@16
_basReinitLanguage@4
_basDeleteCustomSounds@0
_basGetCurrentProductLicenseInfoEx@32

ashtask

_tskLaunchRepair@8
_tskGetCrashCallback@0
_tskAllocResultW@28
_tskLogResult@12
_tskFreeResult@8
_tskPackerBits@8
_tskProp2VA@12
_tskProcessShieldNetAlertAndReport@16
_tskLogEvent@20
_tskReleaseReport@4
_tskFreeNetAlert@4
_tskConstructVirusInfoStringW@4
_tskGetResultFileName@20
_tskFreeResultFileName@16
_tskDestructVirusInfoString@4
_tskAllocResultO@28
_tskVirusAction@4
_tskPrepareFalsePositiveSubmit@8
_tskDestructFalsePositiveSubmit@4
_tskLaunchSyncer@20
_tskGetFileUrlAndHash@36
_tskFileTrezor@16
_tskLogSuspiciousAction@32
_tskIsFileHashExcluded@16
_tskChangeExcludedHash@16
_tskInitActionContext@8
_tskFreeActionContext@4
_tskAddNetAlert@8
_tskGetHeurCallback@0

msvcr110

_CxxThrowException
memcpy
strerror
ldiv
realloc
_except_handler3
_local_unwind4
strncmp
_wctime64
memset
__clean_type_info_names_internal
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__CxxFrameHandler3
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
wprintf
memchr
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
??_V@YAXPAX@Z
wcsrchr
_wcsicmp
sprintf
wcsncpy
_wfopen
fwrite
fclose
free
_time64
_vsnwprintf
malloc
strchr
isdigit
wcschr
strncpy
swprintf_s
_wcsnicmp
wcsstr
??_U@YAPAXI@Z
_snwprintf
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
iswalpha
wcsncmp
wcscpy_s
_snprintf
??0exception@std@@QAE@ABV01@@Z
_wtoi64
_i64tow
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
srand
rand
wcsncpy_s
wcstoul
_itow
_wcsdup
_wtoi
??0exception@std@@QAE@XZ
__iob_func
fflush
fprintf
vswprintf_s
swscanf
_localtime64
wcsftime
_wcsupr
_vsnwprintf_s
toupper
_memicmp
_wcsrev
_difftime64

msvcp110

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
_Mtx_destroy
_Mtx_unlock
_Mtx_lock
_Mtx_init
?_Throw_C_error@std@@YAXH@Z
?_Winerror_map@std@@YAPBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$codecvt@_WDH@std@@6B@
??_7codecvt_base@std@@6B@
?_BADOFF@std@@3_JB
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Syserror_map@std@@YAPBDH@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ

aswcmnis

MD5Update
MD5Init
MD5Final

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winhttp

WinHttpOpen
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpConnect

Exports

Exports

?CleanFreeSpace@@YAHPB_WKKHHHH@Z
?DiskReadBenchmark@@YAKPB_WPAMKK@Z
?GetATAdiskInfo@@YAKPB_WPAKPAH@Z
?ShredFileList@@YAHPAPAXPB_WKK1@Z
?ShredPartition@@YAHPAPAXPB_WKK@Z
?StopShredder@@YAHXZ
AavmARCVncServerStarted
AavmARCVncServerStopped
AavmAccounPairDevice
AavmAswRdrChangePid
AavmBootJumpShot
AavmBtsSchedule
AavmCallVirusWarnMessage
AavmCheckBlacklistCustomerNo
AavmCheckBlacklistLicenseId
AavmCheckBoot
AavmCheckBootDlg
AavmCheckExecFile
AavmCheckExecFileDlg
AavmCheckFile
AavmCheckFileDlg
AavmCheckFileDlgSpecifyProcessID
AavmCheckRecvFile
AavmCheckRecvFileDlg
AavmCheckRecvFileDlgSpecifyProcessID
AavmCleanFile
AavmCloseScanEngineHandle
AavmCreateDispBinding
AavmDecreaseDispInitCount
AavmDecreaseProcessPriority
AavmDeleteFile
AavmDestroyDispBinding
AavmDetectionsHaveChanged
AavmDisableSelfDefense
AavmDoKillProcess
AavmDoQuarantineFile
AavmExecuteCommand
AavmFirewallGetStatus
AavmFirewallStart
AavmFirewallStop
AavmFormatError
AavmFormatExResName
AavmFormatExResNameEx
AavmFreeAutorunTargets
AavmGetAutorunTargets
AavmGetAvastAccountStatusPackage
AavmGetBankingSite
AavmGetConnectorSessionId
AavmGetCurrNetAddress
AavmGetDispInitCount
AavmGetDllCachePath
AavmGetEngineHandle
AavmGetExResName
AavmGetExResNameEx
AavmGetGlobalState
AavmGetInteractiveSessionId
AavmGetLastScanDate
AavmGetMetroMode
AavmGetObjectNamePrefix
AavmGetProductInfo
AavmGetProductMarkType
AavmGetProviderFromName
AavmGetProviderInfoList
AavmGetProviderList
AavmGetProviderName
AavmGetProviderStatus
AavmGetScannerExtensionsDllPath
AavmGetSilentMode
AavmGetSiteCorrectEntry
AavmGetUserDefaultLCID
AavmGetVpsFileTime
AavmGetVpsInfo
AavmGetVpsProperty
AavmHasSystemRestoreCorruptedAvast
AavmIncreaseDispInitCount
AavmIncreaseProcessPriority
AavmInfoMessageWindowThread
AavmIsFileSignedByTrustedPublisherW
AavmIsFileTrusted
AavmIsInfectionInsideSandbox
AavmIsProductExpired
AavmIsUrlBlocked
AavmJumpShotCreateCD
AavmJumpShotCreateUSB
AavmJumpShotInfoMessage
AavmJumpshotGetCdDevices
AavmJumpshotGetScanFrequency
AavmJumpshotGetUsbDevices
AavmJumpshotRebootCheck
AavmJumpshotRequestToken
AavmJumpshotStoreToken
AavmJumpshotWindowsUpdatePending
AavmLogReportResult
AavmLogSuspiciousAction
AavmMailCertificateWarning
AavmNotifyInf
AavmOfferAutoSandbox
AavmPauseShields
AavmPlaySound
AavmProcessIdToProcessName
AavmProviderCallGui
AavmProviderDataChanged
AavmProviderDeregister
AavmProviderPause
AavmProviderRegister
AavmProviderResume
AavmProviderStart
AavmProviderStatusChanged
AavmProviderStop
AavmProviderUpdateConfiguration
AavmPurgeOldVpsFolders
AavmQueryInfectedObject
AavmRefreshGlobalSettings
AavmRegisterIniChangeNotification
AavmReleaseScanResult
AavmReportCertificates
AavmReportOffender
AavmResolveAddress
AavmResumeShields
AavmRpcGetInsertLicenseState
AavmRpcInsertLicenseFile
AavmRpcInsertLicenseFileAsync
AavmRunConsentApp
AavmScanFile
AavmSetComponentStateToNotUpToDate
AavmSetConnectorSessionId
AavmSetDataRefreshRate
AavmSetExtendedLoggingStatus
AavmSetGlobalStateChangeNotifyRoutine
AavmSetIniFileChangeCallback
AavmSetSensitivityOnScanHandle
AavmSetShutdownState
AavmSetSilentMode
AavmShowFileRepOnDownloadQuestion
AavmShowHardenedDialog
AavmShowIconBalloonViaDisp
AavmShowInstallLatestAppScreen
AavmShowMessage
AavmShowMetroPopup
AavmShowPopupMessage
AavmShowPopupQuestion
AavmShowPopupScreen
AavmShowRemoteContentScreen
AavmShowSnxInfoPopup
AavmShowSnxScanCompleteClean
AavmShowSnxScanCompleteMalware
AavmShowSnxScanStarted
AavmShowUnsecureWifiNotification
AavmSpamChangeEmailsList
AavmSpamCheck
AavmSpamFree
AavmSpamGetEmailsList
AavmSpamInit
AavmSpamReloadOptions
AavmSpamSetOption
AavmStart
AavmStartJumpShot
AavmStartJumpShotOnDemandScan
AavmStartOfferTool
AavmStartScan
AavmStartShields
AavmStop
AavmStopJumpShot
AavmStopShields
AavmStringDecrypt
AavmSwitchAvastLanguage
AavmSwitchToSafezone
AavmTransferDataBlock
AavmUnregisterIniChangeNotification
AavmUpdateAndShowInfo
AavmUpdateScanEngineHandle
AavmUpdateWscStatus
AavmUpgradeEdition
DoScanDuringAutorun
FilterComm_Send
FilterComm_ThreadReady
MyAavmGuiProviderStateChanged
MyAavmGuiRunningProvidersChanged
WsCallGui
aavmFltCheckMgrService
aavmFltIsPresent
gsh_dwLastScanTick
x_ProviderDataChanged

Sections

.text
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/aavm4h.dll.sum
Archive installation/config.json
Archive installation/screenhooks32.dll
.dll windows:5 windows x86 arch:x86

a202527818a634ec0bdda1dcdc6899ca

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2013, 00:00

Not After

04/06/2014, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:45:61:c2:13:2e:99:fc:3d:08:52:bb:9a:41:4a:0e:cc:73:37:95
Signer

Actual PE Digest

8d:45:61:c2:13:2e:99:fc:3d:08:52:bb:9a:41:4a:0e:cc:73:37:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Workspace\Dev-RemoteAssistance-A2014\BUILDS\Release\x86\screenhooks32.pdb

Imports

user32

ClientToScreen
GetWindowRect
PostMessageW
CallNextHookEx
GetClientRect
SetWindowsHookExW
RegisterWindowMessageW
UnhookWindowsHookEx
GetSystemMetrics

msvcp110

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

msvcr110

??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
free
malloc
realloc
_CxxThrowException
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
__CxxFrameHandler3
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
??1type_info@@UAE@XZ
_initterm_e

kernel32

DecodePointer
EncodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent

Exports

Exports

setHook
unsetHook

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/snxhk.dll
.dll windows:5 windows x86 arch:x86

79d1bfa0b67873e0e14997c225c863f3

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2013, 00:00

Not After

04/06/2014, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:e3:11:82:2e:63:8e:df:d0:ba:cd:d7:17:d3:40:f4:7e:49:2e:8b
Signer

Actual PE Digest

90:e3:11:82:2e:63:8e:df:d0:ba:cd:d7:17:d3:40:f4:7e:49:2e:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Avast900\src\BUILDS\Release\x86\snxhk.pdb

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
VirtualProtect
VirtualAlloc
VirtualFree
GetModuleHandleW
DeviceIoControl
OpenThread
CreateEventW
CreateThread
SetLastError
GetLastError
GetTickCount
GetCurrentProcessId
OutputDebugStringW
OpenProcess
GetProcessTimes
CloseHandle
GetThreadTimes
GlobalAddAtomW
FindResourceW
FindResourceA
LoadResource
LockResource
LoadLibraryW
SetEvent
GetModuleFileNameW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CreateProcessW
Sleep
WaitForSingleObject
GetModuleFileNameA
CreateFileW
SetThreadPriority
GetProcAddress
FreeLibrary
GetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
GetACP
TerminateProcess
EncodePointer
DecodePointer
HeapAlloc
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
InterlockedDecrement
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
WriteFile
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
InterlockedIncrement
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
HeapReAlloc
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

SnxHk_InstallHook
SnxHk_UninstallHook

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/ssleay32.dll
.dll windows:6 windows x86 arch:x86

189517c8449cc2ffa8f472ea7708ca1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

a:\Sources\Playground\SDK\VS 2012\openssl\1.0.1g\vanilla\out32dll\ssleay32.pdb

Imports

libeay32

ord188
ord181
ord52
ord85
ord490
ord252
ord222
ord3873
ord2630
ord2821
ord3109
ord269
ord290
ord281
ord641
ord754
ord857
ord654
ord2206
ord2201
ord911
ord3906
ord493
ord3836
ord289
ord464
ord3245
ord3244
ord3844
ord2936
ord323
ord3841
ord3874
ord1202
ord2894
ord3067
ord961
ord89
ord109
ord3896
ord3879
ord3239
ord170
ord909
ord912
ord66
ord111
ord110
ord151
ord123
ord118
ord120
ord128
ord2760
ord495
ord498
ord4540
ord202
ord203
ord201
ord219
ord3837
ord3899
ord3883
ord276
ord274
ord256
ord3315
ord2927
ord285
ord4119
ord4430
ord4233
ord4474
ord4369
ord4245
ord1070
ord4488
ord3695
ord3570
ord2924
ord2929
ord3010
ord3178
ord2578
ord3663
ord3422
ord3729
ord3575
ord3512
ord3608
ord3459
ord3480
ord3550
ord3666
ord3644
ord866
ord635
ord2747
ord2784
ord2572
ord964
ord965
ord3489
ord907
ord87
ord486
ord497
ord484
ord205
ord206
ord216
ord363
ord2712
ord2925
ord3165
ord268
ord333
ord316
ord282
ord4125
ord4262
ord4164
ord1071
ord2877
ord3711
ord3682
ord3719
ord577
ord763
ord572
ord4046
ord481
ord3528
ord3418
ord1096
ord1097
ord78
ord95
ord3816
ord3888
ord3891
ord2589
ord2915
ord1144
ord1145
ord3823
ord3846
ord2292
ord1081
ord187
ord623
ord622
ord679
ord3857
ord267
ord503
ord1012
ord3631
ord3479
ord3664
ord3737
ord3633
ord3675
ord341
ord176
ord266
ord264
ord3314
ord3312
ord3313
ord541
ord3925
ord3922
ord3124
ord2702
ord2898
ord4144
ord4372
ord3782
ord2400
ord4174
ord3866
ord313
ord3724
ord3767
ord3758
ord3704
ord3647
ord3365
ord3766
ord3460
ord4114
ord3783
ord3454
ord3394
ord3754
ord1655
ord914
ord1041
ord1027
ord1025
ord1004
ord1007
ord1005
ord3826
ord53
ord67
ord65
ord74
ord98
ord58
ord892
ord890
ord897
ord2257
ord248
ord364
ord4331
ord4513
ord1010
ord629
ord626
ord628
ord630
ord3437
ord3527
ord3378
ord3610
ord3414
ord3495
ord3399
ord3559
ord575
ord636
ord2051
ord2478
ord246
ord3657
ord3396
ord93
ord1100
ord1023
ord2524
ord3505
ord3595
ord657
ord401
ord891
ord887
ord889
ord4045
ord2475
ord368
ord370
ord367
ord369
ord1671
ord189
ord1147
ord314
ord315
ord4383
ord4320
ord956
ord750
ord3205
ord279
ord283
ord748
ord280
ord774
ord751
ord2181
ord1959
ord400
ord399
ord3513
ord716
ord822
ord718
ord824
ord8
ord7
ord3700
ord32
ord3623
ord37
ord35
ord703
ord1091
ord88
ord2426
ord86
ord680
ord1101
ord299
ord304
ord329
ord318
ord325
ord959
ord4601
ord3155
ord2996
ord4615
ord4637
ord4656
ord3795
ord3807
ord3914
ord292
ord293
ord2252
ord91
ord955
ord225
ord247
ord125
ord129
ord4572
ord4580
ord4576
ord4570
ord4578
ord4582
ord4573
ord4577
ord4581
ord4575
ord4584
ord903
ord910
ord904
ord901
ord905
ord2411
ord1653
ord1654
ord168
ord167
ord1011
ord169

msvcr110

__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
_errno
strchr
_ftime64
strncmp
strncpy
fprintf
__iob_func
memmove
memset
memcpy
_time64
abort

kernel32

GetLastError
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_free
SSL_get0_next_proto_negotiated
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl2_ciphers
ssl3_ciphers

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Archive installation/version.dll
.dll windows:5 windows x86 arch:x86

07b6fd76ed50a985b01f43df40da82e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
HeapSize
LoadLibraryA
VirtualProtect
ExitProcess
FreeLibrary
HeapCreate
lstrcatA
DisableThreadLibraryCalls
CloseHandle
WriteConsoleW
SetFilePointerEx
HeapFree
GetSystemDirectoryA
HeapAlloc
SetStdHandle
GetConsoleMode
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapReAlloc
GetStringTypeW
OutputDebugStringW
LoadLibraryW
LCMapStringW
FlushFileBuffers
GetConsoleCP
CreateFileW
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA
MessageBoxA
MessageBoxW
CharUpperBuffW

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

HookStub
Size: - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZeNiX0
Size: - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZeNiX1
Size: 677KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: crackpass

Password: crackpass

Password: crackpass

7f66b15141d8f2e4679d8b1c52184e46

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89Certificate

Extended Key Usages

Key Usages

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

4b:7e:4d:32:be:4f:16:11:d6:ca:a1:e0:3e:8e:b6:a8:ce:3b:27:d5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

advapi32

msvcr110

msvcp110

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

Password: crackpass

f7f291b80d7db7994c7e4d25d04561db

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89Certificate

Extended Key Usages

Key Usages

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

8b:48:8b:3d:8f:ee:04:ca:28:14:11:40:d7:3d:da:cd:58:88:f1:d7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 5KB - Virtual size: 18KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 20KB - Virtual size: 19KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

4b:7e:4d:32:be:4f:16:11:d6:ca:a1:e0:3e:8e:b6:a8:ce:3b:27:d5
Signer

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

8b:48:8b:3d:8f:ee:04:ca:28:14:11:40:d7:3d:da:cd:58:88:f1:d7
Signer

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 5KB - Virtual size: 18KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 20KB - Virtual size: 19KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

df:ae:50:d8:29:d5:6f:a0:8b:33:1c:43:0d:6e:7f:7d:09:c5:a4:a8
Signer

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 8KB

.sdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 2KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

85:0a:9b:95:bf:29:9e:e5:06:97:a5:fb:0f:ba:d2:2d:fc:14:49:eb
Signer