!@uncherrr![.]zip

Resubmissions

09/08/2024, 16:45

240809-t9vj2swhrc 10

09/08/2024, 16:16

240809-tq4zdasfmk 10

Sharing

Copy URL Twitter E-mail

General

Target

!@uncherrr!.zip
Size

8.7MB
MD5

9bb52e5c7ed736e4f9a5452c85e08ba9
SHA1

39cc5dd3ce8597a9b774f85f3f23187341fe658a
SHA256

7078f23e3d24f2d72e83bdf10212b2c47ba7d5c5dbe057846ac65d4ff5777e61
SHA512

79210376aa78ed3bda0ea35f0238a51f955aeadefc297eee236daecef1c5ea99968a19f7a199f1e5f85c17189c269d6f1d8cdac304e0fe91469b01311cb05986
SSDEEP

196608:uG2yHo772+hlDcDiJ7KWD8SFbHn2KTNjgKJlo5LZii+iAysbXTjQWx:uGzHorl35QSBHlN9PoFZii+iAysbXwWx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/[email protected]

Files

!@uncherrr!.zip
.zip

Password: 1885
!!Pa$$w0rd - 1885.txt
[email protected]
.rar

Password: 1885
[email protected]
.exe windows:6 windows x64 arch:x64

Password: 1885

5929190c8765f5bc37b052ab5c6c53e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

_cgo_dummy_export

Sections

.text
Size: 11.2MB - Virtual size: 11.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18.5MB - Virtual size: 18.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxGuestPropSvc.dll
.dll windows:6 windows x64 arch:x64

Password: 1885

53177fed01c045adb2577e1675017230

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:56:a7:8c:a6:27:da:33:7f:d1:3b:c5:ac:17:2e:34:79:fb:f6:e3:35:c3:29:5c:5f:16:b8:22:6a:fd:d3:92
Signer

Actual PE Digest

0a:56:a7:8c:a6:27:da:33:7f:d1:3b:c5:ac:17:2e:34:79:fb:f6:e3:35:c3:29:5c:5f:16:b8:22:6a:fd:d3:92

Digest Algorithm

sha256

PE Digest Matches

true

1a:05:9d:f8:75:38:56:2d:e3:55:46:41:e9:3d:a5:65:69:54:38:d0
Signer

Actual PE Digest

1a:05:9d:f8:75:38:56:2d:e3:55:46:41:e9:3d:a5:65:69:54:38:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxGuestPropSvc\VBoxGuestPropSvc.pdb

Imports

vcruntime140

__std_exception_copy
__std_type_info_destroy_list
memcpy
memchr
_CxxThrowException
__std_exception_destroy
__C_specific_handler
memset

vcruntime140_1

__CxxFrameHandler4

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vboxrt

RTStrToUInt64
RTStrSpaceInsert
RTStrSpaceRemove
RTStrSpaceGet
RTStrSpaceDestroy
RTStrSpaceEnumerate
RTBldCfgRevisionStr
RTMemAllocTag
RTStrCmp
??0RTCString@@QEAA@XZ
??0RTCString@@QEAA@AEBV0@@Z
??0RTCString@@QEAA@PEBD@Z
??1RTCString@@UEAA@XZ
??4RTCString@@QEAAAEAV0@AEBV0@@Z
?assignNoThrow@RTCString@@QEAAHAEBV1@@Z
RTStrSimplePatternMultiMatch
?c_str@RTCString@@QEBAPEBDXZ
?isEmpty@RTCString@@QEBA_NXZ
RTThreadCreate
RTThreadWait
RTTimeNow
RTReqQueueCreate
RTReqQueueDestroy
RTReqQueueProcess
RTStrPrintf
RTReqQueueCallEx
RTReqRelease
RTStrFormatU64
RTStrFormatNumber
RTStrStartsWith
RTStrValidateEncodingEx
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx
?assignNoThrow@RTCString@@QEAAHPEBD@Z
RTStrNICmpAscii
RTMemFree
RTReqQueueCall

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table
_initterm_e
_initterm
_cexit
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime

Exports

Exports

VBoxHGCMSvcLoad

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxHeadless.dll
.dll windows:6 windows x64 arch:x64

Password: 1885

1b02061dd7509ca2db3bb312c5242bce

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:51:9f:f5:e6:1e:58:78:ee:4c:f0:f8:59:d2:e4:39:27:aa:50:e3:9d:dd:10:4e:76:2e:74:be:34:50:0a:ae
Signer

Actual PE Digest

b5:51:9f:f5:e6:1e:58:78:ee:4c:f0:f8:59:d2:e4:39:27:aa:50:e3:9d:dd:10:4e:76:2e:74:be:34:50:0a:ae

Digest Algorithm

sha256

PE Digest Matches

true

bb:44:fc:df:8f:8e:f8:fa:7d:2e:4e:70:f6:bc:4d:a1:82:ba:14:86
Signer

Actual PE Digest

bb:44:fc:df:8f:8e:f8:fa:7d:2e:4e:70:f6:bc:4d:a1:82:ba:14:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxHeadless\VBoxHeadless.pdb

Imports

vcruntime140

strchr
__std_terminate
_purecall
memset
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

user32

DispatchMessageW
TranslateMessage
PeekMessageW
PostThreadMessageW
PostMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
ShutdownBlockReasonCreate
GetMessageW
MsgWaitForMultipleObjects

ole32

StringFromIID
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoTaskMemFree

oleaut32

SafeArrayCreate
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
SysAllocString
SysAllocStringLen
SysReAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayRedim
GetErrorInfo

vboxrt

??4RTCString@@QEAAAEAV0@PEBD@Z
RTMsgErrorExit
RTStrmOpen
RTStrmClose
RTStrmInputGetEchoChars
RTStrmInputSetEchoChars
RTStrmReadEx
RTStrmPutStr
RTStrmGetLine
RTStrmPrintfV
g_pStdIn
g_pStdOut
RTErrConvertFromWin32
RTMsgWarning
RTBldCfgRevisionStr
?append@RTCString@@QEAAAEAV1@PEBD@Z
?append@RTCString@@QEAAAEAV1@AEBV1@@Z
?printfV@RTCString@@QEAAAEAV1@PEBDPEAD@Z
??0RTCString@@QEAA@AEBV0@@Z
RTMemReallocTag
RTUuidFromUtf16
RTUuidIsNull
RTPathFilename
RTMemFree
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx
RTUuidClear
?cleanup@RTCString@@IEAAXXZ
??8RTCString@@QEBA_NPEBD@Z
?equals@RTCString@@QEBA_NPEBD@Z
?isEmpty@RTCString@@QEBA_NXZ
?c_str@RTCString@@QEBAPEBDXZ
??1RTCString@@UEAA@XZ
??0RTCString@@QEAA@XZ
RTStrCmp
RTStrPrintf
RTStrDupTag
RTStrFree
RTCritSectDelete
RTCritSectLeave
RTCritSectEnter
RTCritSectInit
RTThreadCreate
g_pStdErr
RTStrConsoleCPToUtf8Tag
RTProcSelf
RTEnvGet
RTGetOptPrintError
RTGetOpt
RTGetOptInit
RTPrintf
RTStrmPrintf
RTStrmFlush
RTSemEventWait
??4RTCString@@QEAAAEAV0@AEBV0@@Z
RTUtf16ToUtf8ExTag
RTUtf16Len
RTSemEventSignal
RTSemEventCreate
RTMsgInfo
RTMsgError
RTStrNLen
RTStrFormatV
RTStrToUtf16ExTag
RTStrCalcUtf16LenEx
RTBldCfgVersion
??H@YA?BVRTCString@@AEBV0@PEBD@Z
RTThreadSelf
RTLdrLoad
RTLdrGetSymbol
RTPathAppend
RTPathAppPrivateArch

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_initterm_e
_execute_onexit_table
_errno

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

kernel32

UnhandledExceptionFilter
RtlCaptureContext
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentThread
DuplicateHandle
CloseHandle
GetProcAddress
GetModuleHandleExW
VirtualProtect
QueryPerformanceCounter
GetCurrentProcessId
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
CreateMutexW
SetLastError
GetLastError
InitializeSListHead

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

rpcrt4

CStdStubBuffer_Invoke

Exports

Exports

TrustedMain

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxHostChannel.dll
.dll windows:6 windows x64 arch:x64

Password: 1885

e59300b8594c929c5ef32cbc20559c39

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:57:b2:88:eb:c3:82:fd:8f:3c:28:9b:89:65:91:77:0f:33:c2:a4:d9:95:3d:95:26:fc:0b:7a:b3:b1:17:f1
Signer

Actual PE Digest

9b:57:b2:88:eb:c3:82:fd:8f:3c:28:9b:89:65:91:77:0f:33:c2:a4:d9:95:3d:95:26:fc:0b:7a:b3:b1:17:f1

Digest Algorithm

sha256

PE Digest Matches

true

da:3f:c6:6f:c2:33:1b:ce:3b:fe:bc:53:90:8d:ec:07:ab:9c:f5:74
Signer

Actual PE Digest

da:3f:c6:6f:c2:33:1b:ce:3b:fe:bc:53:90:8d:ec:07:ab:9c:f5:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxHostChannel\VBoxHostChannel.pdb

Imports

vcruntime140

__std_type_info_destroy_list
memset
__C_specific_handler
memcpy

vboxrt

RTCritSectLeave
RTCritSectEnter
RTMemAllocZTag
RTStrCmp
RTStrDupTag
RTStrFree
RTMemFree
RTCritSectInit
RTCritSectDelete
RTMemAllocTag
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

kernel32

RtlCaptureContext
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead

Exports

Exports

VBoxHGCMSvcLoad

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxLibSsh.dll
.dll windows:6 windows x64 arch:x64

Password: 1885

af55d8aa9ce15317d8fe791c3c8bb200

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:b1:00:06:0c:12:c1:59:ae:4b:e0:24:91:1c:f7:c5:eb:03:73:da:94:3f:51:12:df:a5:52:97:6e:19:ef:da
Signer

Actual PE Digest

f9:b1:00:06:0c:12:c1:59:ae:4b:e0:24:91:1c:f7:c5:eb:03:73:da:94:3f:51:12:df:a5:52:97:6e:19:ef:da

Digest Algorithm

sha256

PE Digest Matches

true

87:9a:c9:84:d9:d6:96:b7:6b:c3:e4:43:b2:75:e8:82:9b:d9:4f:b2
Signer

Actual PE Digest

87:9a:c9:84:d9:d6:96:b7:6b:c3:e4:43:b2:75:e8:82:9b:d9:4f:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxLibSsh\VBoxLibSsh.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
strrchr
memcmp
memmove
memcpy
strchr
strstr
memset

vboxrt

BIO_ctrl
BIO_s_mem
BIO_new_mem_buf
BN_free
OSSL_PARAM_locate_const
OSSL_PARAM_construct_int
OSSL_PARAM_construct_uint
OSSL_PARAM_construct_end
OSSL_PARAM_get_BN
OSSL_PARAM_free
EVP_DigestSignInit
EVP_DigestSignUpdate
EVP_DigestSignFinal
EVP_DigestVerifyInit
EVP_DigestVerifyUpdate
EVP_DigestVerifyFinal
EVP_aes_128_cbc
EVP_PKEY_get_base_id
EVP_PKEY_get_bits
EVP_PKEY_get_size
EVP_PKEY_set1_EC_KEY
EVP_PKEY_get1_EC_KEY
EVP_PKEY_new
EVP_PKEY_up_ref
EVP_PKEY_eq
EVP_PKEY_CTX_new_from_name
EVP_PKEY_CTX_new_from_pkey
EVP_PKEY_CTX_free
EVP_PKEY_CTX_set_params
EVP_PKEY_todata
EVP_PKEY_set_bn_param
EVP_PKEY_paramgen_init
EVP_PKEY_keygen_init
EVP_PKEY_generate
EC_GROUP_get_curve_name
EC_GROUP_cmp
EC_POINT_new
EC_POINT_free
EC_POINT_point2oct
EC_POINT_oct2point
EC_POINT_cmp
EC_KEY_new_by_curve_name
EC_KEY_up_ref
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_set_private_key
EC_KEY_get0_public_key
EC_KEY_set_public_key
EC_KEY_set_asn1_flag
EC_KEY_generate_key
EVP_sha512
ECDSA_SIG_free
d2i_ECDSA_SIG
i2d_ECDSA_SIG
ECDSA_SIG_get0
BIO_new
DSA_SIG_new
DSA_SIG_free
d2i_DSA_SIG
i2d_DSA_SIG
DSA_SIG_get0
DSA_SIG_set0
PEM_read_bio_PrivateKey
PEM_write_bio_PrivateKey
ERR_get_error
ERR_error_string
OSSL_PARAM_BLD_new
OSSL_PARAM_BLD_free
OSSL_PARAM_BLD_push_BN
BN_CTX_new
BN_CTX_free
EC_GROUP_get_degree
EC_POINT_clear_free
ECDH_compute_key
OpenSSL_version_num
OpenSSL_version
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DecryptFinal
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_reset
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_set_padding
EVP_CIPHER_CTX_ctrl
EVP_aes_128_ctr
EVP_aes_128_gcm
EVP_aes_192_cbc
EVP_aes_192_ctr
EVP_aes_256_cbc
EVP_aes_256_ctr
EVP_aes_256_gcm
EVP_PKEY_new_mac_key
EVP_PKEY_fromdata_init
EVP_PKEY_fromdata
OSSL_PARAM_BLD_to_param
OSSL_PARAM_merge
EVP_PKEY_derive_init
EVP_PKEY_derive_set_peer
EVP_PKEY_derive
EVP_PKEY_get_bn_param
EVP_sha384
EVP_sha256
EVP_sha1
EVP_md5
BIO_free
ECDSA_SIG_set0
EVP_DigestFinal
EVP_DigestUpdate
EC_KEY_free
EVP_DigestInit_ex
EVP_MD_CTX_free
EVP_MD_CTX_new
EVP_PKEY_free
EVP_default_properties_is_fips_enabled
RAND_bytes
BN_cmp
BN_set_word
BN_clear_free
BN_is_bit_set
BN_bn2bin
BN_bin2bn
BN_new
BN_num_bits
ECDSA_SIG_new

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
strerror
_wassert
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
exit
abort
_cexit
strerror_s
_errno

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

fopen
__stdio_common_vsprintf_s
_close
__stdio_common_vsnprintf_s
_read
fgets
__stdio_common_vfprintf
clearerr
fflush
ferror
fwrite
feof
__acrt_iob_func
_fileno
_write
__stdio_common_vsprintf
fread
fclose

api-ms-win-crt-string-l1-1-0

strncmp
isspace
_stricmp
strcpy_s
strcat_s
strncpy_s
strncpy
strtok_s
strcspn
strncat
isupper
tolower
isblank
strcmp
_strdup
_strnicmp

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
strtoull
strtoul
strtol

api-ms-win-crt-time-l1-1-0

strftime
_localtime64

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_unlink
_access
_fstat64i32

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
GetStdHandle
GetConsoleMode
LeaveCriticalSection
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
GetSystemDirectoryA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
RtlVirtualUnwind
Sleep
InitializeCriticalSection
GetSystemTimeAsFileTime
DeleteCriticalSection
SetConsoleMode
EnterCriticalSection

advapi32

GetUserNameA

shell32

SHGetSpecialFolderPathA

ws2_32

setsockopt
gethostbyaddr
socket
getservbyport
getservbyname
WSASetLastError
WSAGetLastError
htonl
inet_ntoa
ntohl
recv
send
inet_addr
getsockname
connect
htons
ntohs
__WSAFDIsSet
gethostname
WSAStringToAddressA
getpeername
select
ioctlsocket
getsockopt
WSAStartup
WSACleanup
bind
closesocket
inet_pton
gethostbyname

Exports

Exports

_ssh_log
buffer_free
buffer_get
buffer_get_len
buffer_new
channel_accept_x11
channel_change_pty_size
channel_close
channel_forward_accept
channel_forward_cancel
channel_forward_listen
channel_free
channel_get_exit_status
channel_get_session
channel_is_closed
channel_is_eof
channel_is_open
channel_new
channel_open_forward
channel_open_session
channel_poll
channel_read
channel_read_buffer
channel_read_nonblocking
channel_request_env
channel_request_exec
channel_request_pty
channel_request_pty_size
channel_request_send_signal
channel_request_sftp
channel_request_shell
channel_request_subsystem
channel_request_x11
channel_select
channel_send_eof
channel_set_blocking
channel_write
privatekey_free
privatekey_from_file
publickey_free
publickey_from_file
publickey_from_privatekey
publickey_to_string
ssh_add_channel_callbacks
ssh_auth_list
ssh_basename
ssh_blocking_flush
ssh_buffer_add_data
ssh_buffer_free
ssh_buffer_get
ssh_buffer_get_data
ssh_buffer_get_len
ssh_buffer_new
ssh_buffer_reinit
ssh_channel_accept_forward
ssh_channel_accept_x11
ssh_channel_cancel_forward
ssh_channel_change_pty_size
ssh_channel_close
ssh_channel_free
ssh_channel_get_exit_status
ssh_channel_get_session
ssh_channel_is_closed
ssh_channel_is_eof
ssh_channel_is_open
ssh_channel_listen_forward
ssh_channel_new
ssh_channel_open_auth_agent
ssh_channel_open_forward
ssh_channel_open_forward_port
ssh_channel_open_forward_unix
ssh_channel_open_session
ssh_channel_open_tunnel
ssh_channel_poll
ssh_channel_poll_timeout
ssh_channel_read
ssh_channel_read_nonblocking
ssh_channel_read_timeout
ssh_channel_request_auth_agent
ssh_channel_request_env
ssh_channel_request_exec
ssh_channel_request_pty
ssh_channel_request_pty_size
ssh_channel_request_send_break
ssh_channel_request_send_signal
ssh_channel_request_sftp
ssh_channel_request_shell
ssh_channel_request_subsystem
ssh_channel_request_x11
ssh_channel_select
ssh_channel_send_eof
ssh_channel_set_blocking
ssh_channel_set_counter
ssh_channel_window_size
ssh_channel_write
ssh_channel_write_stderr
ssh_clean_pubkey_hash
ssh_connect
ssh_connector_free
ssh_connector_new
ssh_connector_set_in_channel
ssh_connector_set_in_fd
ssh_connector_set_out_channel
ssh_connector_set_out_fd
ssh_copyright
ssh_dirname
ssh_disconnect
ssh_dump_knownhost
ssh_event_add_connector
ssh_event_add_fd
ssh_event_add_session
ssh_event_dopoll
ssh_event_free
ssh_event_new
ssh_event_remove_connector
ssh_event_remove_fd
ssh_event_remove_session
ssh_finalize
ssh_forward_accept
ssh_forward_cancel
ssh_forward_listen
ssh_free
ssh_get_cipher_in
ssh_get_cipher_out
ssh_get_clientbanner
ssh_get_disconnect_message
ssh_get_error
ssh_get_error_code
ssh_get_fd
ssh_get_fingerprint_hash
ssh_get_hexa
ssh_get_hmac_in
ssh_get_hmac_out
ssh_get_issue_banner
ssh_get_kex_algo
ssh_get_log_callback
ssh_get_log_level
ssh_get_log_userdata
ssh_get_openssh_version
ssh_get_poll_flags
ssh_get_pubkey
ssh_get_pubkey_hash
ssh_get_publickey
ssh_get_publickey_hash
ssh_get_random
ssh_get_server_publickey
ssh_get_serverbanner
ssh_get_status
ssh_get_version
ssh_getpass
ssh_init
ssh_is_blocking
ssh_is_connected
ssh_is_server_known
ssh_key_cmp
ssh_key_dup
ssh_key_free
ssh_key_is_private
ssh_key_is_public
ssh_key_new
ssh_key_type
ssh_key_type_from_name
ssh_key_type_to_char
ssh_known_hosts_parse_line
ssh_knownhosts_entry_free
ssh_log
ssh_message_channel_request_open_reply_accept
ssh_message_channel_request_open_reply_accept_channel
ssh_message_channel_request_reply_success
ssh_message_free
ssh_message_get
ssh_message_subtype
ssh_message_type
ssh_mkdir
ssh_new
ssh_options_copy
ssh_options_get
ssh_options_get_port
ssh_options_getopt
ssh_options_parse_config
ssh_options_set
ssh_pcap_file_close
ssh_pcap_file_free
ssh_pcap_file_new
ssh_pcap_file_open
ssh_pki_copy_cert_to_privkey
ssh_pki_export_privkey_base64
ssh_pki_export_privkey_file
ssh_pki_export_privkey_to_pubkey
ssh_pki_export_pubkey_base64
ssh_pki_export_pubkey_file
ssh_pki_generate
ssh_pki_import_cert_base64
ssh_pki_import_cert_file
ssh_pki_import_privkey_base64
ssh_pki_import_privkey_file
ssh_pki_import_pubkey_base64
ssh_pki_import_pubkey_file
ssh_pki_key_ecdsa_name
ssh_print_hash
ssh_print_hexa
ssh_privatekey_type
ssh_publickey_to_file
ssh_remove_channel_callbacks
ssh_scp_accept_request
ssh_scp_close
ssh_scp_deny_request
ssh_scp_free
ssh_scp_init
ssh_scp_leave_directory
ssh_scp_new
ssh_scp_pull_request
ssh_scp_push_directory
ssh_scp_push_file
ssh_scp_push_file64
ssh_scp_read
ssh_scp_request_get_filename
ssh_scp_request_get_permissions
ssh_scp_request_get_size
ssh_scp_request_get_size64
ssh_scp_request_get_warning
ssh_scp_write
ssh_select
ssh_send_debug
ssh_send_ignore
ssh_service_request
ssh_session_export_known_hosts_entry
ssh_session_get_known_hosts_entry
ssh_session_has_known_hosts_entry
ssh_session_is_known_server
ssh_session_set_disconnect_message
ssh_session_update_known_hosts
ssh_set_agent_channel
ssh_set_agent_socket
ssh_set_blocking
ssh_set_callbacks
ssh_set_channel_callbacks
ssh_set_counters
ssh_set_fd_except
ssh_set_fd_toread
ssh_set_fd_towrite
ssh_set_log_callback
ssh_set_log_level
ssh_set_log_userdata
ssh_set_pcap_file
ssh_set_server_callbacks
ssh_silent_disconnect
ssh_string_burn
ssh_string_copy
ssh_string_data
ssh_string_fill
ssh_string_free
ssh_string_free_char
ssh_string_from_char
ssh_string_get_char
ssh_string_len
ssh_string_new
ssh_string_to_char
ssh_threads_get_default
ssh_threads_get_noop
ssh_threads_set_callbacks
ssh_try_publickey_from_file
ssh_userauth_autopubkey
ssh_userauth_gssapi
ssh_userauth_kbdint
ssh_userauth_kbdint_getinstruction
ssh_userauth_kbdint_getname
ssh_userauth_kbdint_getnprompts
ssh_userauth_kbdint_getprompt
ssh_userauth_kbdint_setanswer
ssh_userauth_list
ssh_userauth_none
ssh_userauth_offer_pubkey
ssh_userauth_password
ssh_userauth_privatekey_file
ssh_userauth_pubkey
ssh_userauth_publickey
ssh_userauth_publickey_auto
ssh_userauth_publickey_auto_get_current_identity
ssh_userauth_try_publickey
ssh_version
ssh_vlog
ssh_write_knownhost
string_burn
string_copy
string_data
string_fill
string_free
string_from_char
string_len
string_new
string_to_char

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxNetDHCP.dll
.dll windows:6 windows x64 arch:x64

Password: 1885

af376516447efaf199fef40ccfaf08b8

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:1d:18:01:27:37:b4:6c:b7:38:11:50:67:4d:8e:bd:6e:57:ef:d9:ed:16:80:e9:ad:7f:62:92:e0:54:75:ae
Signer

Actual PE Digest

39:1d:18:01:27:37:b4:6c:b7:38:11:50:67:4d:8e:bd:6e:57:ef:d9:ed:16:80:e9:ad:7f:62:92:e0:54:75:ae

Digest Algorithm

sha256

PE Digest Matches

true

15:77:75:f7:11:db:44:76:f4:98:cb:16:33:11:21:ef:6d:6f:7b:b7
Signer

Actual PE Digest

15:77:75:f7:11:db:44:76:f4:98:cb:16:33:11:21:ef:6d:6f:7b:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxNetDHCP\VBoxNetDHCP.pdb

Imports

vcruntime140

__C_specific_handler
memset
memmove
memcpy
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
memchr
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vboxrt

RTStrSimplePatternMatch
RTStrToUInt32Full
RTStrToUInt8Full
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogGroupSettings
RTLogFlags
RTLogDestinations
RTLogLoggerEx
RTNetStrToMacAddr
RTNetStrToIPv4Addr
RTNetMaskToPrefixIPv4
RTGetOptInit
RTGetOpt
RTGetOptPrintError
RTPathPurgeFilename
RTPathFilename
RTPathAppend
RTMsgError
RTMsgInfo
RTUuidCreate
??0RTCString@@QEAA@XZ
??0RTCString@@QEAA@AEBV0@@Z
??0RTCString@@QEAA@PEBD@Z
??1RTCString@@UEAA@XZ
?reserveNoThrow@RTCString@@QEAAH_K@Z
??4RTCString@@QEAAAEAV0@PEBD@Z
?assignNoThrow@RTCString@@QEAAHAEBV1@@Z
?assignNoThrow@RTCString@@QEAAHPEBD@Z
?printf@RTCString@@QEAAAEAV1@PEBDZZ
?printfV@RTCString@@QEAAAEAV1@PEBDPEAD@Z
?append@RTCString@@QEAAAEAV1@PEBD@Z
?appendNoThrow@RTCString@@QEAAHPEBD@Z
?append@RTCString@@QEAAAEAV1@D@Z
?appendPrintfV@RTCString@@QEAAAEAV1@PEBDPEAD@Z
?c_str@RTCString@@QEBAPEBDXZ
?mutableRaw@RTCString@@QEAAPEADXZ
?jolt@RTCString@@QEAAXXZ
?isEmpty@RTCString@@QEBA_NXZ
?equals@RTCString@@QEBA_NPEBD@Z
??MRTCString@@QEBA_NAEBV0@@Z
??0RTCError@@QEAA@PEBD@Z
??0RTCError@@QEAA@AEBV0@@Z
??1RTCError@@UEAA@XZ
?what@RTCError@@UEBAPEBDXZ
?getName@Node@xml@@QEBAPEBDXZ
?nameEqualsNS@Node@xml@@QEBA_NPEBD0@Z
?getValue@Node@xml@@QEBAPEBDXZ
?getParent@Node@xml@@QEBAPEBV12@XZ
?findAttribute@ElementNode@xml@@QEBAPEBVAttributeNode@2@PEBD0@Z
?getAttributeValue@ElementNode@xml@@QEBA_NPEBDPEAPEBD0@Z
?getAttributeValue@ElementNode@xml@@QEBA_NPEBDPEAVRTCString@@0@Z
?getAttributeValue@ElementNode@xml@@QEBA_NPEBDPEAI0@Z
?getAttributeValue@ElementNode@xml@@QEBA_NPEBDPEA_N0@Z
??0NodesLoop@xml@@QEAA@AEBVElementNode@1@PEBD@Z
??1NodesLoop@xml@@QEAA@XZ
?forAllNodes@NodesLoop@xml@@QEBAPEBVElementNode@2@XZ
??0Document@xml@@QEAA@XZ
??1Document@xml@@QEAA@XZ
?getRootElement@Document@xml@@QEAAPEAVElementNode@2@XZ
??0XmlFileParser@xml@@QEAA@XZ
??1XmlFileParser@xml@@QEAA@XZ
?read@XmlFileParser@xml@@QEAAXAEBVRTCString@@AEAVDocument@2@@Z
?assignNoThrow@RTCString@@QEAAHPEBD_K@Z
RTStrFormatTypeRegister
RTStrConvertHexBytesEx
?findChildElementNS@ElementNode@xml@@QEBAPEBV12@PEBD0@Z
?getAttributeValue@ElementNode@xml@@QEBA_NPEBDPEA_J0@Z
?createChild@ElementNode@xml@@QEAAPEAV12@PEBD@Z
?setAttribute@ElementNode@xml@@QEAAPEAVAttributeNode@2@PEBD0@Z
?setAttribute@ElementNode@xml@@QEAAPEAVAttributeNode@2@PEBDAEBVRTCString@@@Z
RTStrPrintf2
?setAttribute@ElementNode@xml@@QEAAPEAVAttributeNode@2@PEBD_J@Z
?createRootElement@Document@xml@@QEAAPEAVElementNode@2@PEBD0@Z
??0XmlFileWriter@xml@@QEAA@AEAVDocument@1@@Z
??1XmlFileWriter@xml@@QEAA@XZ
?write@XmlFileWriter@xml@@QEAAXPEBD_N@Z
RTTimeNow
RTStrToUInt16Full
RTCidrStrToIPv4
RTTimeExplode
RTTimeToStringEx
RTLogRelSetDefaultInstance
RTLogCreate
RTStrFormat
RTPathExecDir
RTAssertMsg1Weak
RTAssertShouldPanic
SUPR3Init
SUPR3Term
SUPR3IsDriverless
SUPR3CallVMMR0Ex
SUPR3LoadVMM
RTStrCopy
RTNetIPv4HdrChecksum
RTNetIPv4PseudoChecksum
RTNetIPv6PseudoChecksumEx
RTNetUDPChecksum
RTNetTCPChecksum
RTMemAllocZTag
RTMemFree
RTBldCfgRevision
RTBldCfgTargetDotArch
RTSystemQueryOSInfo
RTSystemQueryTotalRam
RTSystemQueryAvailableRam
RTSystemQueryDmiString
RTSystemQueryFirmwareType
RTSystemFirmwareTypeName
RTSystemQueryFirmwareBoolean
RTProcSelf
RTProcGetExecutablePath
RTTimeSpecToString
RTLogCreateEx
RTLogSetBuffering
RTLogFlush
RTEnvGetEx
RTDirExists
RTDirCreateFullPath
RTPathAbs
RTPathStartsWithRoot
RTPathUserHome
RTAssertMsg2Weak
RTMemAllocTag
RTTimeMilliTS
RTSemEventCreate
RTSemEventSignal
RTSemEventWait
RTSemEventMultiCreate
RTSemEventMultiDestroy
RTSemEventMultiSignal
RTSemEventMultiReset
RTSemEventMultiWait
RTSemMutexCreate
RTSemMutexDestroy
RTSemMutexRequest
RTSemMutexRelease
RTThreadCreateF
RTCritSectInit
RTCritSectEnter
RTCritSectLeave
RTCritSectDelete
RTStrStripL
?setAttribute@ElementNode@xml@@QEAAPEAVAttributeNode@2@PEBDI@Z
RTStrPrintf
RTStrPrintHexBytes
RTPrintf

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm
_initialize_onexit_table
_initterm_e
_register_onexit_function
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

strpbrk
strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
DisableThreadLibraryCalls

Exports

Exports

TrustedMain

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxNetNAT.dll
.dll windows:6 windows x64 arch:x64

Password: 1885

a7237948c9a5b4a8c4d83ab017b31def

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:08:7c:dc:81:a4:45:67:d0:77:32:ed:1c:6a:31:58:2a:de:88:b2:fa:a7:c0:83:89:b5:e9:b8:01:28:21:43
Signer

Actual PE Digest

7b:08:7c:dc:81:a4:45:67:d0:77:32:ed:1c:6a:31:58:2a:de:88:b2:fa:a7:c0:83:89:b5:e9:b8:01:28:21:43

Digest Algorithm

sha256

PE Digest Matches

true

7e:29:0c:cb:ce:1f:59:9c:f2:6a:9a:61:5b:69:24:fb:be:6c:a6:fb
Signer

Actual PE Digest

7e:29:0c:cb:ce:1f:59:9c:f2:6a:9a:61:5b:69:24:fb:be:6c:a6:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxNetNAT\VBoxNetNAT.pdb

Imports

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
strstr
memcpy
memmove
_purecall
strchr
memset
memchr
__std_type_info_destroy_list
__C_specific_handler
memcmp

vcruntime140_1

__CxxFrameHandler4

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vboxrt

SUPR3Init
SUPR3Term
SUPR3IsDriverless
SUPR3CallVMMR0Ex
SUPR3LoadVMM
RTNetIPv4HdrChecksum
RTNetIPv4PseudoChecksum
RTNetIPv6PseudoChecksumEx
RTNetUDPChecksum
RTNetTCPChecksum
RTStrNICmp
RTStrStr
RTStrToUInt16Ex
RTAssertMsg2Weak
RTRandU32
RTMemAllocTag
RTTimeMilliTS
RTSemEventCreate
RTSemEventDestroy
RTSemEventSignal
RTSemEventWait
RTSemEventMultiCreate
RTSemEventMultiDestroy
RTSemEventMultiSignal
RTSemEventMultiReset
RTSemEventMultiWait
RTSemMutexCreate
RTSemMutexDestroy
RTSemMutexRequest
RTSemMutexRelease
RTThreadCreateF
RTMemReallocTag
RTReqQueueCreate
RTReqQueueProcess
RTReqQueueCallEx
RTStrFormat
RTStrFormatTypeRegister
RTStrICmp
RTMsgErrorExit
RTUtf16ToUtf8ExTag
RTAssertShouldPanic
RTStrNLen
RTStrFormatV
RTStrToUtf16ExTag
RTStrCalcUtf16LenEx
RTPathAppPrivateArch
RTLdrGetSymbol
RTLdrLoad
RTBldCfgVersion
RTLogFlush
RTLogSetBuffering
RTLogCreateEx
RTLogRelSetDefaultInstance
RTTimeNow
RTTimeSpecToString
RTProcGetExecutablePath
RTProcSelf
RTSystemQueryFirmwareBoolean
RTSystemFirmwareTypeName
RTSystemQueryFirmwareType
RTSystemQueryDmiString
RTMsgError
RTPrintf
RTUuidClear
?cleanup@RTCString@@IEAAXXZ
?isNotEmpty@RTCString@@QEBA_NXZ
?isEmpty@RTCString@@QEBA_NXZ
?c_str@RTCString@@QEBAPEBDXZ
?appendPrintf@RTCString@@QEAAAEAV1@PEBDZZ
?printfV@RTCString@@QEAAAEAV1@PEBDPEAD@Z
??4RTCString@@QEAAAEAV0@PEBD@Z
??1RTCString@@UEAA@XZ
??0RTCString@@QEAA@PEBDPEAD@Z
??0RTCString@@QEAA@PEBD@Z
??0RTCString@@QEAA@XZ
RTUtf16Cmp
RTUtf16Len
RTStrToUInt32Ex
RTStrCopy
RTStrStripL
RTStrPrintf
RTStrDupTag
RTStrFree
RTStrUtf8ToCurrentCPTag
RTCritSectDelete
RTCritSectLeave
RTCritSectEnter
RTCritSectInit
RTThreadWait
RTThreadCreate
RTMemFree
RTAssertMsg1Weak
RTPathExecDir
RTPathAppend
RTProcShortName
RTGetOptPrintError
RTGetOpt
RTMemDupTag
RTMemAllocZTag
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx
RTSystemQueryAvailableRam
RTSystemQueryTotalRam
RTSystemQueryOSInfo
RTBldCfgTargetDotArch
RTPathUserHome
RTPathStartsWithRoot
RTPathAbs
RTDirCreateFullPath
RTDirExists
RTEnvGetEx
RTNetStrToIPv6Cidr
RTNetStrToIPv6Addr
RTNetPrefixToMaskIPv4
RTNetStrToIPv4Cidr
RTNetStrToIPv4Addr
RTNetStrToIPv4AddrEx
RTGetOptInit
RTThreadSelf
RTBldCfgRevision
RTUuidIsNull
RTUuidFromUtf16
RTErrConvertFromWin32

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_initialize_narrow_environment
_configure_narrow_argv
perror
_cexit
_initterm
_initterm_e
_execute_onexit_table
_initialize_onexit_table
__sys_nerr
strerror_s
_errno
_seh_filter_dll
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

strncmp
_strdup
strcmp

api-ms-win-crt-stdio-l1-1-0

_read
__stdio_common_vfprintf
_open
__stdio_common_vsprintf
_close
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
FormatMessageW
GetCurrentProcess
TerminateProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetVersionExW
GetLastError
UnhandledExceptionFilter
FormatMessageA
LocalFree
GetModuleHandleW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThread
DuplicateHandle
CloseHandle
GetProcAddress
GetModuleHandleExW
VirtualProtect
CreateMutexW
SetLastError
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
ExitProcess

user32

PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MsgWaitForMultipleObjects

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ws2_32

sendto
WSASend
WSARecv
shutdown
getpeername
recvfrom
WSASetLastError
setsockopt
listen
WSACreateEvent
WSAEnumNetworkEvents
freeaddrinfo
WSAResetEvent
getsockopt
ioctlsocket
connect
bind
WSAGetLastError
send
recv
closesocket
WSAStartup
socket
getaddrinfo
WSAEventSelect
WSAWaitForMultipleEvents
getsockname
WSASocketW
accept
WSASendTo

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
StringFromIID
CoInitializeSecurity
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
GetErrorInfo
SysAllocStringLen
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
SafeArrayDestroy
SysReAllocStringLen
SafeArrayCreate

rpcrt4

CStdStubBuffer_Invoke

iphlpapi

Icmp6ParseReplies
IcmpParseReplies
Icmp6SendEcho2
IcmpSendEcho2
Icmp6CreateFile
IcmpCreateFile

Exports

Exports

TrustedMain

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxProxyStub-x86.dll
.dll regsvr32 windows:6 windows x86 arch:x86

5f1487de10f9996626108322a43376d6

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:11:60:c7:e3:f5:60:a0:79:94:bd:48:b0:d8:8a:dc:f4:4e:12:5a:8d:fc:97:0f:b8:84:1e:7f:74:c3:b5:06
Signer

Actual PE Digest

fd:11:60:c7:e3:f5:60:a0:79:94:bd:48:b0:d8:8a:dc:f4:4e:12:5a:8d:fc:97:0f:b8:84:1e:7f:74:c3:b5:06

Digest Algorithm

sha256

PE Digest Matches

true

d3:fb:1d:2a:16:f5:79:f6:88:9d:b8:38:72:d1:db:4a:85:4e:79:d3
Signer

Actual PE Digest

d3:fb:1d:2a:16:f5:79:f6:88:9d:b8:38:72:d1:db:4a:85:4e:79:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxProxyStub-x86\VBoxProxyStub-x86.pdb

Imports

vcruntime140

__std_type_info_destroy_list
memset
memcmp
_except_handler4_common

vboxrt-x86

RTLogRelGetDefaultInstanceEx
RTLogLoggerEx
RTStrCopy
RTStrCat
RTUtf16Len
RTUtf16Copy
RTUtf16CopyAscii
RTUtf16Cat
RTUtf16CatAscii
RTUtf16Cmp
RTUtf16ICmp
RTR3InitDll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

_memicmp

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetLastError
SetLastError
DisableThreadLibraryCalls
GetModuleFileNameW
UnhandledExceptionFilter

advapi32

RegQueryValueExA
RegCreateKeyExA
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shlwapi

SHDeleteKeyA
SHDeleteKeyW

oleaut32

BSTR_UserUnmarshal
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
BSTR_UserMarshal
BSTR_UserSize

rpcrt4

NdrDllUnregisterProxy
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubForwardingFunction
NdrDllCanUnloadNow
NdrOleFree
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleAllocate
NdrDllRegisterProxy
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrClientCall2
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
NdrStubCall2
CStdStubBuffer_Disconnect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo
VbpsUpdateRegistrations

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxProxyStub.dll
.dll regsvr32 windows:6 windows x64 arch:x64

6a5978d03665528ad707e90ec357d440

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:24:d3:49:ea:b4:dc:6d:41:74:dc:1a:0e:ac:3e:d6:7d:62:1d:38:04:f3:b8:90:ae:b9:6b:2b:38:e4:b7:08
Signer

Actual PE Digest

2d:24:d3:49:ea:b4:dc:6d:41:74:dc:1a:0e:ac:3e:d6:7d:62:1d:38:04:f3:b8:90:ae:b9:6b:2b:38:e4:b7:08

Digest Algorithm

sha256

PE Digest Matches

true

53:93:54:00:b3:6d:52:64:5d:e0:4c:1d:01:40:6d:45:ce:be:e6:a2
Signer

Actual PE Digest

53:93:54:00:b3:6d:52:64:5d:e0:4c:1d:01:40:6d:45:ce:be:e6:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxProxyStub\VBoxProxyStub.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memcmp

vboxrt

RTUtf16CatAscii
RTLogLoggerEx
RTR3InitDll
RTStrCopy
RTStrCat
RTUtf16ICmp
RTUtf16Cmp
RTUtf16Len
RTUtf16Cat
RTUtf16CopyAscii
RTUtf16Copy
RTLogRelGetDefaultInstanceEx

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

_memicmp
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_initterm
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_execute_onexit_table

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
DisableThreadLibraryCalls
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegSetValueExW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceConfigW

shlwapi

SHDeleteKeyW
SHDeleteKeyA

ole32

ObjectStublessClient18
ObjectStublessClient17
ObjectStublessClient16
ObjectStublessClient15
ObjectStublessClient14
ObjectStublessClient13
ObjectStublessClient20
ObjectStublessClient11
ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient7
ObjectStublessClient4
ObjectStublessClient3
ObjectStublessClient21
ObjectStublessClient19
ObjectStublessClient22
ObjectStublessClient23
ObjectStublessClient24
ObjectStublessClient25
ObjectStublessClient26
ObjectStublessClient27
ObjectStublessClient28
ObjectStublessClient29
ObjectStublessClient30
ObjectStublessClient31
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
NdrProxyForwardingFunction6
NdrProxyForwardingFunction5
ObjectStublessClient12
NdrProxyForwardingFunction4
ObjectStublessClient5

oleaut32

BSTR_UserFree64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserFree64
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
BSTR_UserSize
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserUnmarshal64

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
NdrStubForwardingFunction
IUnknown_Release_Proxy
NdrOleFree
NdrOleAllocate
NdrStubCall3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo
VbpsUpdateRegistrations

Sections

.orpc
Size: 512B - Virtual size: 457B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxRes.dll
.dll windows:6 windows x64 arch:x64

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:33:f3:02:f0:e4:fd:20:a0:2e:5e:79:3a:59:26:22:22:fa:3d:1f:3e:ea:9a:9f:f0:14:f4:dc:2e:60:57:e9
Signer

Actual PE Digest

0a:33:f3:02:f0:e4:fd:20:a0:2e:5e:79:3a:59:26:22:22:fa:3d:1f:3e:ea:9a:9f:f0:14:f4:dc:2e:60:57:e9

Digest Algorithm

sha256

PE Digest Matches

true

2e:33:20:50:87:4f:22:cd:4d:67:35:b7:ea:31:2f:02:79:40:61:d1
Signer

Actual PE Digest

2e:33:20:50:87:4f:22:cd:4d:67:35:b7:ea:31:2f:02:79:40:61:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxRes\VBoxRes.pdb

Exports

Exports

VBoxResDummy

Sections

.text
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 862KB - Virtual size: 861KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I@uncherr/VBoxSharedClipboard.dll
.dll windows:6 windows x64 arch:x64

9ff9da5b3b4f064a6a0e6d80e25179f2

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d2:99:36:d4:cd:52:42:24:ab:f7:b8:ac:73:6d:fd:6a:08:ae:8a:35:9f:ec:df:e5:b1:3f:62:47:3d:c9:c2
Signer

Actual PE Digest

1a:d2:99:36:d4:cd:52:42:24:ab:f7:b8:ac:73:6d:fd:6a:08:ae:8a:35:9f:ec:df:e5:b1:3f:62:47:3d:c9:c2

Digest Algorithm

sha256

PE Digest Matches

true

31:3d:06:a4:3b:fc:a8:08:de:25:ac:f9:fb:91:c2:81:06:64:12:62
Signer

Actual PE Digest

31:3d:06:a4:3b:fc:a8:08:de:25:ac:f9:fb:91:c2:81:06:64:12:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedClipboard\VBoxSharedClipboard.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memcpy
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vboxrt

RTLogRelGetDefaultInstanceEx
RTLogLoggerEx
RTStrToUInt32Ex
RTStrStr
RTStrCmp
RTStrCopyEx
RTCritSectInit
RTStrPrintf
RTStrValidateEncodingEx
RTLdrGetSymbol
RTLdrClose
RTLdrLoadSystem
RTErrConvertFromWin32
RTThreadSleep
RTThreadUserWait
RTThreadUserSignal
RTThreadWait
RTThreadGetNative
RTThreadCreate
RTStrPrintf2
RTRandU32Ex
RTSemEventMultiWait
RTSemEventMultiSignal
RTSemEventMultiDestroy
RTSemEventMultiCreate
RTMemDupTag
RTMemFree
RTMemAllocZTag
RTMemAllocTag
RTCritSectDelete
RTCritSectLeave
RTCritSectEnter

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm
_initterm_e
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

kernel32

QueryPerformanceCounter
GlobalSize
GlobalUnlock
GlobalLock
lstrlenW
GetLastError
SetLastError
GlobalAlloc
GlobalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleA
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent

user32

PostMessageA
DefWindowProcA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassA
UnregisterClassA
CreateWindowExA
SetWindowPos
GetClipboardOwner
GetClipboardData
GetClipboardFormatNameA
SetTimer
GetWindowLongPtrA
SetWindowLongPtrA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
KillTimer
EmptyClipboard
RegisterClipboardFormatA
EnumClipboardFormats
SetClipboardData
ChangeClipboardChain

Exports

Exports

VBoxHGCMSvcLoad

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxSharedFolders.dll
.dll windows:6 windows x64 arch:x64

ca975ac4f367bb5af520cc4b0b459a59

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:af:51:e2:57:68:1b:b0:57:31:f3:40:a7:63:cb:34:88:cc:0d:3a:b0:c5:3d:9d:e1:a2:8e:c5:92:51:99:45
Signer

Actual PE Digest

87:af:51:e2:57:68:1b:b0:57:31:f3:40:a7:63:cb:34:88:cc:0d:3a:b0:c5:3d:9d:e1:a2:8e:c5:92:51:99:45

Digest Algorithm

sha256

PE Digest Matches

true

24:10:40:d5:04:f9:b7:0b:e7:0b:f0:27:72:cd:d3:0e:a3:19:e9:ad
Signer

Actual PE Digest

24:10:40:d5:04:f9:b7:0b:e7:0b:f0:27:72:cd:d3:0e:a3:19:e9:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedFolders\VBoxSharedFolders.pdb

Imports

vcruntime140

__std_type_info_destroy_list
memcpy
memcmp
memmove
strchr
__C_specific_handler
memset

vboxrt

RTCritSectDelete
RTStrToUtf16ExTag
RTStrGetCpInternal
RTStrGetCpExInternal
RTMemTmpAllocTag
RTMemTmpFree
RTFsQuerySizes
RTFsQuerySerial
RTFsQueryProperties
RTUtf16Len
RTSymlinkCreate
RTSymlinkDelete
RTSymlinkRead
RTDirCreate
RTDirRemove
RTDirOpenFiltered
RTDirClose
RTDirReadEx
RTDirRewind
RTDirRename
RTDirQueryInfo
RTDirSetTimes
RTDirSetMode
RTSgBufInit
RTSgBufReset
RTCritSectEnter
RTFileClose
RTFileDelete
RTFileSeek
RTFileReadAt
RTFileSgReadAt
RTFileWrite
RTFileWriteAt
RTFileSgWriteAt
RTFileFlush
RTFileSetSize
RTFileCopy
RTFileCopyPart
RTCritSectInit
RTFileLock
RTFileUnlock
RTFileQueryInfo
RTFileSetTimes
RTFileSetMode
RTPathQueryInfoEx
RTPathRename
RTStrICmp
RTUtf16ToUtf8ExTag
RTUtf16CalcUtf8Len
RTPathStartsWith
RTPathJoinEx
RTPathAbsEx
RTStrDupTag
RTStrToUtf16Tag
RTUtf16Free
RTUtf16LocaleICmp
RTUtf16CalcUtf8LenEx
RTMemAllocZTag
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx
RTUtf16ToUtf8Tag
RTCritSectLeave
RTUtf16ValidateEncodingEx
RTMemFree
RTMemAllocTag
RTStrValidateEncodingEx
RTStrAllocTag
RTStrFree
RTFileOpenEx
RTFileMove

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetCurrentThreadId

Exports

Exports

VBoxHGCMSvcLoad

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I@uncherr/VBoxSupLib.dll
.dll windows:6 windows x64 arch:x64

890d1ba4282cec03928fce63ca7c3eae

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:06:c6:f7:d0:9e:4a:9a:14:e1:b4:dd:8e:be:4c:23:14:21:b3:cd:7c:59:17:26:d5:25:01:1b:d1:61:89:1d
Signer

Actual PE Digest

98:06:c6:f7:d0:9e:4a:9a:14:e1:b4:dd:8e:be:4c:23:14:21:b3:cd:7c:59:17:26:d5:25:01:1b:d1:61:89:1d

Digest Algorithm

sha256

PE Digest Matches

true

c1:ed:d5:d6:ee:54:90:e9:1f:f2:8b:aa:de:e2:8a:38:c6:e7:7e:d5
Signer

Actual PE Digest

c1:ed:d5:d6:ee:54:90:e9:1f:f2:8b:aa:de:e2:8a:38:c6:e7:7e:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSupLib\VBoxSupLib.pdb

Imports

ntdll

RtlGetLastWin32Error
NtSetInformationThread

kernel32

GetModuleFileNameW
GetCurrentThread
SetLastError
LoadLibraryW

Exports

Exports

DllMainEntrypoint

Sections

.text
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I@uncherr/vcruntime140.dll
.dll windows:6 windows x86 arch:x86

b06d4116da69a513992d529f84731e6f

Code Sign

33:00:00:01:e2:f1:7d:92:02:0e:49:f8:7f:00:00:00:00:01:e2
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:b6:66:34:72:e4:e8:cb:d6:2e:04:88:3c:37:90:13:d2:d2:e5:91:62:e4:69:37:c7:65:9e:28:1a:da:2f:9c
Signer

Actual PE Digest

47:b6:66:34:72:e4:e8:cb:d6:2e:04:88:3c:37:90:13:d2:d2:e5:91:62:e4:69:37:c7:65:9e:28:1a:da:2f:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\2\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

DeleteCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 1885

Password: 1885

Password: 1885

5929190c8765f5bc37b052ab5c6c53e7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 11.2MB - Virtual size: 11.2MB

.data Size: 428KB - Virtual size: 428KB

.rdata Size: 18.5MB - Virtual size: 18.5MB

.pdata Size: 368KB - Virtual size: 367KB

.xdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 428KB

.edata Size: 512B - Virtual size: 78B

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 133KB - Virtual size: 132KB

.reloc Size: 219KB - Virtual size: 219KB

Password: 1885

53177fed01c045adb2577e1675017230

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3eCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ecCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0a:56:a7:8c:a6:27:da:33:7f:d1:3b:c5:ac:17:2e:34:79:fb:f6:e3:35:c3:29:5c:5f:16:b8:22:6a:fd:d3:92Signer

1a:05:9d:f8:75:38:56:2d:e3:55:46:41:e9:3d:a5:65:69:54:38:d0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcruntime140

vcruntime140_1

msvcp140

vboxrt

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 9KB - Virtual size: 9KB

.text
Size: 11.2MB - Virtual size: 11.2MB

.data
Size: 428KB - Virtual size: 428KB

.rdata
Size: 18.5MB - Virtual size: 18.5MB

.pdata
Size: 368KB - Virtual size: 367KB

.xdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 428KB

.edata
Size: 512B - Virtual size: 78B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 133KB - Virtual size: 132KB

.reloc
Size: 219KB - Virtual size: 219KB

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0a:56:a7:8c:a6:27:da:33:7f:d1:3b:c5:ac:17:2e:34:79:fb:f6:e3:35:c3:29:5c:5f:16:b8:22:6a:fd:d3:92
Signer

1a:05:9d:f8:75:38:56:2d:e3:55:46:41:e9:3d:a5:65:69:54:38:d0
Signer

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 80B

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b5:51:9f:f5:e6:1e:58:78:ee:4c:f0:f8:59:d2:e4:39:27:aa:50:e3:9d:dd:10:4e:76:2e:74:be:34:50:0a:ae
Signer

bb:44:fc:df:8f:8e:f8:fa:7d:2e:4e:70:f6:bc:4d:a1:82:ba:14:86
Signer

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 249KB - Virtual size: 248KB

.reloc
Size: 512B - Virtual size: 408B

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate