Googles_9EzXrgZ7aSxZV6hHfAoEoocBt2kZzX3sa_[.]exe[.]vir

Sharing

Copy URL Twitter E-mail

General

Target

Googles_9EzXrgZ7aSxZV6hHfAoEoocBt2kZzX3sa_.exe.vir
Size

16.5MB
MD5

16da934d14a46050fc55a1a015154991
SHA1

0d7d45560f2472cdcc46736783ce6990bc0200dd
SHA256

776016643948a3aaef888b93ed96aab26129a4738fc1604682ff62c7565e5865
SHA512

0e1430f84df42b70a0f2b8f5f6f661c7e352845bb0d124b0b87c23979bee229e31445901c87a7a9edb11aa76e35f4277f82d065e6cbadf1af61b0ea99ea03139
SSDEEP

393216:iKqfEsg5/dG/Xa2IqHFr/cGW+PF62v2Uo+dxiLblUUG:iKqtgrDVwFTc6dU+SlUX

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$SYSDIR/pthreadVC.dll

NSIS installer 10 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/npcap_inst.exe	nsis_installer_1
static1/unpack001/$TEMP/npcap_inst.exe	nsis_installer_2
static1/unpack001/$TEMP/winpcap_inst.exe	nsis_installer_1
static1/unpack001/$TEMP/winpcap_inst.exe	nsis_installer_2
static1/unpack001/npcap_inst.exe	nsis_installer_1
static1/unpack001/npcap_inst.exe	nsis_installer_2
static1/unpack001/winpcap_inst.exe	nsis_installer_1
static1/unpack001/winpcap_inst.exe	nsis_installer_2

Files

Googles_9EzXrgZ7aSxZV6hHfAoEoocBt2kZzX3sa_.exe.vir
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:5b:05:21:b0:1f:8f:a1:fd:1e:2a:e0:34:06:d6:ef
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

20/08/2025, 23:59

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,L=济南市,ST=山东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:f4:2d:de:0a:23:51:1f:1d:fa:d2:ae:7b:6d:e3:85:f5:ba:d0:35:11:7f:1e:f6:7a:b5:2c:83:c7:fe:ed:02
Signer

Actual PE Digest

7a:f4:2d:de:0a:23:51:1f:1d:fa:d2:ae:7b:6d:e3:85:f5:ba:d0:35:11:7f:1e:f6:7a:b5:2c:83:c7:fe:ed:02

Digest Algorithm

sha256

PE Digest Matches

true

43:1a:4d:2d:8a:5b:6d:f8:b8:58:ee:ea:0e:6e:2f:8b:d6:c2:54:44
Signer

Actual PE Digest

43:1a:4d:2d:8a:5b:6d:f8:b8:58:ee:ea:0e:6e:2f:8b:d6:c2:54:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/npcap_inst.exe
.exe windows:4 windows x86 arch:x86

16cdca0a54bf8076dc7e57fab55dbc5b

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:33:52:e4:67:8a:3f:cd:44:36:99:0d:5f:46:e6:18:26:d1:1b:68:37:71:35:be:c6:85:e9:f2:6a:58:12:39
Signer

Actual PE Digest

80:33:52:e4:67:8a:3f:cd:44:36:99:0d:5f:46:e6:18:26:d1:1b:68:37:71:35:be:c6:85:e9:f2:6a:58:12:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
GetFullPathNameA
MoveFileA
GetLastError
SetCurrentDirectoryA
GetFileAttributesA
SearchPathA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
CompareFileTime
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetTempPathA
GetWindowsDirectoryA
GetProcAddress
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
MulDiv
LoadLibraryExA
GetModuleHandleA

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SystemParametersInfoA
RegisterClassA
EndDialog
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
SetTimer
OpenClipboard
SetWindowTextA
GetDC
LoadImageA
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
SetClipboardData
EmptyClipboard
DestroyWindow
ExitWindowsEx
SetForegroundWindow
PostQuitMessage
CreateDialogParamA

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

738dc9bb91549f627cf1953c2000e1d6

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:76:e2:23:e1:ed:ec:62:c9:50:78:71:8d:ac:be:b6:44:0c:6f:27:cb:1c:b7:74:f8:f8:fd:7f:d6:c9:8e:e9
Signer

Actual PE Digest

79:76:e2:23:e1:ed:ec:62:c9:50:78:71:8d:ac:be:b6:44:0c:6f:27:cb:1c:b7:74:f8:f8:fd:7f:d6:c9:8e:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
MultiByteToWideChar
SetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
LoadCursorA
GetClientRect
SetWindowRgn
LoadIconA
GetWindowLongA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
EnableMenuItem
DrawTextA
GetSystemMenu
OpenClipboard
LoadImageA

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleSC.dll
.dll windows:4 windows x86 arch:x86

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:d4:87:31:b0:61:ac:c3:c0:e4:d7:82:5a:1d:cf:7b:ff:ef:be:b6:0d:27:13:35:99:e8:08:73:09:d8:93:72
Signer

Actual PE Digest

2a:d4:87:31:b0:61:ac:c3:c0:e4:d7:82:5a:1d:cf:7b:ff:ef:be:b6:0d:27:13:35:99:e8:08:73:09:d8:93:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContinueService
ExistsService
GetErrorMessage
GetServiceBinaryPath
GetServiceDelayedAutoStartInfo
GetServiceDescription
GetServiceDisplayName
GetServiceFailure
GetServiceFailureFlag
GetServiceLogon
GetServiceName
GetServiceStartType
GetServiceStatus
GrantServiceLogonPrivilege
InstallService
PauseService
RemoveService
RemoveServiceLogonPrivilege
RestartService
ServiceIsPaused
ServiceIsRunning
ServiceIsStopped
SetServiceBinaryPath
SetServiceDelayedAutoStartInfo
SetServiceDescription
SetServiceFailure
SetServiceFailureFlag
SetServiceLogon
SetServiceStartType
StartService
StopService

Sections

CODE
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SysRestore.dll
.dll windows:6 windows x86 arch:x86

85e5ccd224baa6cdcd31e3be33a1d2bc

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:6c:36:9c:20:00:fb:a6:94:a3:d8:76:38:34:5d:e6:bc:5a:a3:f2:1e:c4:f8:19:a2:dd:ee:fd:ce:28:1c:c3
Signer

Actual PE Digest

38:6c:36:9c:20:00:fb:a6:94:a3:d8:76:38:34:5d:e6:bc:5a:a3:f2:1e:c4:f8:19:a2:dd:ee:fd:ce:28:1c:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetLastError
SetLastError
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

wsprintfA

Exports

Exports

FinishRestorePoint
RemoveRestorePoint
StartRestorePoint
StartUnRestorePoint

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 938B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:21:79:58:2a:d2:fd:70:ec:a8:a7:c7:8f:49:cc:9b:25:7e:62:da:77:d9:ad:e7:bd:7a:a0:3b:cb:7f:80:9f
Signer

Actual PE Digest

8d:21:79:58:2a:d2:fd:70:ec:a8:a7:c7:8f:49:cc:9b:25:7e:62:da:77:d9:ad:e7:bd:7a:a0:3b:cb:7f:80:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/final.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

8abe046ef411de4d3e6e831b6b1ee264

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:bf:5f:d2:36:3b:47:5b:3a:ce:58:90:e6:4e:cd:27:2b:ad:86:df:1a:59:1e:2c:37:11:61:51:6c:28:64:04
Signer

Actual PE Digest

dd:bf:5f:d2:36:3b:47:5b:3a:ce:58:90:e6:4e:cd:27:2b:ad:86:df:1a:59:1e:2c:37:11:61:51:6c:28:64:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GetExitCodeProcess
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetProcAddress
GetModuleHandleA
lstrcmpiA
lstrlenA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
DeleteFileA
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/options.ini
DiagReport.bat
.bat .vbs
DiagReport.ps1
FixInstall.bat
LICENSE
NpcapHelper.exe
.exe windows:6 windows x86 arch:x86

56a29ee32c45f19895b1e6f87646a0ba

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:64:ca:9d:a5:ab:ef:f1:c6:1f:23:ce:ce:b6:18:b0:1a:31:2a:53:77:49:3e:ec:e2:c3:de:5c:4a:03:49:26
Signer

Actual PE Digest

79:64:ca:9d:a5:ab:ef:f1:c6:1f:23:ce:ce:b6:18:b0:1a:31:2a:53:77:49:3e:ec:e2:c3:de:5c:4a:03:49:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\Release\NpcapHelper.pdb

Imports

kernel32

GetLastError
CreateFileA
CloseHandle
CreateThread
OpenProcess
GetProcessHeap
ConnectNamedPipe
FlushFileBuffers
CreateFileW
DisconnectNamedPipe
DuplicateHandle
TerminateProcess
WriteFile
GetCurrentProcess
HeapFree
CreateNamedPipeA
HeapAlloc
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
CompareStringW
LCMapStringW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
HeapSize
HeapReAlloc
GetConsoleOutputCP
DecodePointer
WriteConsoleW

advapi32

IsValidSid
OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
GetTokenInformation
SetSecurityDescriptorDacl

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Packet.dll
.dll windows:6 windows x86 arch:x86

c32f23f62c3e927bb603b2fec6e876ed

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:11:9e:5a:4c:81:db:77:d5:ca:e0:28:bf:5a:01:a7:7a:12:85:75:5a:89:90:ae:b7:25:e7:91:06:ac:90:6f
Signer

Actual PE Digest

bd:11:9e:5a:4c:81:db:77:d5:ca:e0:28:bf:5a:01:a7:7a:12:85:75:5a:89:90:ae:b7:25:e7:91:06:ac:90:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\Release\Packet.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

inet_pton
InetPtonW

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

kernel32

GlobalReAlloc
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
ReadFile
GetModuleFileNameA
SetNamedPipeHandleState
SetLastError
GetFullPathNameW
WriteFile
DeviceIoControl
GetModuleFileNameW
CreateMutexW
GlobalAlloc
CreateEventW
MultiByteToWideChar
GlobalLock
CreateFileA
SetEvent
QueryPerformanceFrequency
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
FreeLibrary
WideCharToMultiByte
QueryPerformanceCounter
ReleaseMutex
WaitForSingleObject
GlobalHandle
GlobalUnlock
Sleep
GlobalFree
GetConsoleOutputCP
GetConsoleMode
GetProcessHeap
CreateFileW
HeapSize
WriteConsoleW
GetSystemDirectoryW
LCMapStringW
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc

advapi32

QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
ControlService
FreeSid
StartServiceW
CheckTokenMembership
RegOpenKeyExA
OpenServiceA
RegCloseKey
RegEnumKeyW
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExA

shlwapi

PathFileExistsA

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverName
PacketGetDriverVersion
PacketGetMonitorMode
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetTimestampModes
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketIsLoopbackAdapter
PacketIsMonitorModeSupported
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetMonitorMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketSetTimestampMode
PacketStopDriver

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WlanHelper.exe
.exe windows:6 windows x86 arch:x86

f80d7719c04f12a0b7416e5c7e5c32e0

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:76:0c:c0:ac:80:0f:9e:5a:d3:1e:59:bc:bd:b0:8d:46:f8:a6:3e:2c:72:85:37:19:68:73:c6:32:33:03:02
Signer

Actual PE Digest

25:76:0c:c0:ac:80:0f:9e:5a:d3:1e:59:bc:bd:b0:8d:46:f8:a6:3e:2c:72:85:37:19:68:73:c6:32:33:03:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\Release\WlanHelper.pdb

Imports

rpcrt4

RpcStringFreeW
UuidToStringW

wlanapi

WlanFreeMemory
WlanEnumInterfaces
WlanQueryInterface
WlanOpenHandle
WlanSetInterface
WlanCloseHandle

kernel32

GetStdHandle
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GlobalHandle
FormatMessageW
GetLastError
GlobalAlloc
GlobalFree
LoadLibraryW
GetProcAddress
GlobalLock
LocalFree
FreeLibrary
WideCharToMultiByte
GlobalUnlock
UnhandledExceptionFilter
ReadConsoleW
SetConsoleTitleW
IsProcessorFeaturePresent
IsDebuggerPresent

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

__current_exception
__current_exception_context
_except_handler4_common
__std_exception_copy
__std_exception_destroy
memcpy
_CxxThrowException
__CxxFrameHandler3
memset
memmove

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf_s
__acrt_iob_func
_pclose
__stdio_common_vswprintf_s
feof
fgetws
_wpopen
__p__commode
__stdio_common_vfwprintf
__stdio_common_vswscanf
_putws

api-ms-win-crt-convert-l1-1-0

_wtoi
_itow_s

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
_set_app_type
__p___argc
_controlfp_s
_c_exit
_register_thread_local_exe_atexit_callback
_wsystem
_cexit
terminate
__p___wargv

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npcap.cat
npcap.inf
npcap.sys
.sys windows:10 windows x86 arch:x86

ad78d21533b3b7883dfc743e073ef782

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3a:6a:e3:33:70:8f:da:7a:7b:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:31

Not After

05/03/2021, 17:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:dd:7b:72:24:ec:c0:8d:43:fd:b3:1d:9c:4d:f9:e0:88:d8:92:83:01:dc:8b:89:29:81:77:4a:94:81:8a:ea
Signer

Actual PE Digest

f6:dd:7b:72:24:ec:c0:8d:43:fd:b3:1d:9c:4d:f9:e0:88:d8:92:83:01:dc:8b:89:29:81:77:4a:94:81:8a:ea

Digest Algorithm

sha256

PE Digest Matches

true

f6:dd:7b:72:24:ec:c0:8d:43:fd:b3:1d:9c:4d:f9:e0:88:d8:92:83:01:dc:8b:89:29:81:77:4a:94:81:8a:ea
Signer

Actual PE Digest

f6:dd:7b:72:24:ec:c0:8d:43:fd:b3:1d:9c:4d:f9:e0:88:d8:92:83:01:dc:8b:89:29:81:77:4a:94:81:8a:ea

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\Win10 Release\npcap.pdb

Imports

ntoskrnl.exe

RtlSetDaclSecurityDescriptor
memcpy
IoDeviceObjectType
ZwSetValueKey
ZwCreateKey
RtlFreeUnicodeString
ZwSetSecurityObject
RtlUnwind
_allmul
MmBuildMdlForNonPagedPool
ExfInterlockedInsertTailList
KeClearEvent
ExfInterlockedRemoveHeadList
ExfInterlockedInsertHeadList
ZwOpenKey
InterlockedPopEntrySList
KeResetEvent
ZwClose
IoCreateSymbolicLink
ExEventObjectType
ExInitializeLookasideListEx
KeQuerySystemTime
IoIsWdmVersionAvailable
MmGetSystemRoutineAddress
RtlGetVersion
ObReferenceObjectByHandle
IoDeleteSymbolicLink
RtlCopyUnicodeString
IoDeleteDevice
RtlInitUnicodeString
RtlCheckRegistryKey
RtlAppendUnicodeStringToString
ExDeleteLookasideListEx
KeDelayExecutionThread
RtlCompareMemory
InterlockedPushEntrySList
IofCompleteRequest
ExFreePoolWithTag
KefAcquireSpinLockAtDpcLevel
ExAllocatePoolWithTag
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
ObfDereferenceObject
RtlAppendUnicodeToString
IoGetRequestorProcessId
RtlLengthSid
RtlAddAccessAllowedAce
RtlAbsoluteToSelfRelativeSD
wcschr
_wcsnicmp
RtlCreateSecurityDescriptor
SeExports
RtlLengthSecurityDescriptor
_snwprintf
SeCaptureSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
ObOpenObjectByPointer
ZwQueryValueKey
IoCreateDevice
KeWaitForSingleObject
KeInitializeEvent
IoAllocateIrp
IoFreeIrp
KeSetEvent
MmProbeAndLockPages
MmUnlockPages
memset
MmMapLockedPagesSpecifyCache
_alldiv
_allrem

ndis.sys

NdisInitializeEvent
NdisFreeNetBufferList
NdisRetreatNetBufferListDataStart
NdisFreeMdl
NdisAllocateMdl
NdisFSendNetBufferListsComplete
NdisFIndicateReceiveNetBufferLists
NdisFSendNetBufferLists
NdisFDeregisterFilterDriver
NdisFRegisterFilterDriver
NdisFIndicateStatus
NdisReleaseRWLock
NdisFreeNetBufferListPool
NdisAcquireRWLockRead
NdisAcquireRWLockWrite
NdisSetEvent
NdisWaitEvent
NdisFCancelOidRequest
NdisFOidRequest
NdisFreeRWLock
NdisFOidRequestComplete
NdisAdvanceNetBufferListDataStart
NdisFCancelSendNetBufferLists
NdisFDevicePnPEventNotify
NdisResetEvent
NdisAllocateNetBufferListPool
NdisAllocateCloneOidRequest
NdisFNetPnPEvent
NdisAllocateRWLock
NdisFReturnNetBufferLists
NdisFSetAttributes
NdisFreeCloneOidRequest
NdisFreeNetBuffer
NdisAllocateMemoryWithTagPriority
NdisFreeMemory
NdisAllocateNetBuffer
NdisGetDataBuffer
NdisAllocateNetBufferAndNetBufferList

fwpkclnt.sys

FwpsAllocateCloneNetBufferList0
FwpmEngineClose0
FwpmFilterAdd0
FwpmCalloutAdd0
FwpsFreeCloneNetBufferList0
FwpsCalloutRegister2
FwpmTransactionAbort0
FwpmTransactionBegin0
FwpsInjectionHandleCreate0
FwpmEngineOpen0
FwpsInjectNetworkSendAsync0
FwpsInjectionHandleDestroy0
FwpmSubLayerAdd0
FwpmTransactionCommit0
FwpsQueryPacketInjectionState0
FwpsCalloutUnregisterById0

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

hal

KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wpcap.dll
.dll windows:6 windows x86 arch:x86

0eea9165117f4b0b41ada88aaa4d34ad

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:31:ad:38:ad:de:88:9e:db:45:85:ac:df:86:32:40:f0:69:a2:da:c5:1f:3f:9d:83:77:80:6d:7f:3f:11:ad
Signer

Actual PE Digest

5a:31:ad:38:ad:de:88:9e:db:45:85:ac:df:86:32:40:f0:69:a2:da:c5:1f:3f:9d:83:77:80:6d:7f:3f:11:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\nmap\Source\Repos\npcap\wpcap\build-win32\run\Release\wpcap.pdb

Imports

packet

PacketSetMinToCopy
PacketCloseAdapter
PacketIsDumpEnded
PacketSetDumpLimits
PacketSetDumpName
PacketGetReadEvent
PacketRequest
PacketGetNetInfoEx
PacketGetAdapterNames
PacketSetHwFilter
PacketReceivePacket
PacketInitPacket
PacketSendPackets
PacketSendPacket
PacketOpenAdapter
PacketGetMonitorMode
PacketSetMonitorMode
PacketIsMonitorModeSupported
PacketIsLoopbackAdapter
PacketGetNetType
PacketSetBuff
PacketGetStatsEx
PacketGetStats
PacketSetLoopbackBehavior
PacketSetBpf
PacketSetReadTimeout
PacketSetMode
PacketGetVersion

ws2_32

ntohl
socket
shutdown
send
recv
listen
connect
bind
getnameinfo
getaddrinfo
setsockopt
select
getsockopt
getsockname
getpeername
closesocket
accept
WSACleanup
WSAStartup
WSAGetLastError
WSASetLastError
getprotobyname
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htons
freeaddrinfo
htonl
ntohs

kernel32

GetCurrentProcess
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
ReadConsoleW
GetConsoleMode
WriteFile
SetFilePointerEx
GetStdHandle
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
ReadFile
GetFileType
SetStdHandle
CloseHandle
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
FormatMessageA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetVersion
FindClose
FindFirstFileA
FindNextFileA
InterlockedFlushSList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
eproto_db
pcap_activate
pcap_breakloop
pcap_bufsize
pcap_can_set_rfmon
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_create
pcap_createsrcstr
pcap_datalink
pcap_datalink_ext
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_description_or_dlt
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_ftell64
pcap_dump_hopen
pcap_dump_open
pcap_dump_open_append
pcap_ether_aton
pcap_ether_hostton
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_free_datalinks
pcap_free_tstamp_types
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_get_tstamp_precision
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_hopen_offline
pcap_hopen_offline_with_tstamp_precision
pcap_inject
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_list_tstamp_types
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_nametoaddr
pcap_nametoaddrinfo
pcap_nametoeproto
pcap_nametollc
pcap_nametonetaddr
pcap_nametoport
pcap_nametoportrange
pcap_nametoproto
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_oid_get_request
pcap_oid_set_request
pcap_open
pcap_open_dead
pcap_open_dead_with_tstamp_precision
pcap_open_live
pcap_open_offline
pcap_open_offline_with_tstamp_precision
pcap_parsesrcstr
pcap_perror
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_buffer_size
pcap_set_datalink
pcap_set_immediate_mode
pcap_set_promisc
pcap_set_rfmon
pcap_set_snaplen
pcap_set_timeout
pcap_set_tstamp_precision
pcap_set_tstamp_type
pcap_setbuff
pcap_setdirection
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_statustostr
pcap_strerror
pcap_tstamp_type_name_to_val
pcap_tstamp_type_val_to_description
pcap_tstamp_type_val_to_name
pcap_version
pcap_wsockinit

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/pomqc3.dll
.dll windows:5 windows x86 arch:x86

227910cfacfe1c59467a7fc01c7bdff8

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:e1:2d:af:eb:bc:98:9e:4c:f1:72:a6:43:f4:09:13:e0:67:54:e5:50:5f:41:f9:d1:c4:39:c5:3b:16:f6:5c
Signer

Actual PE Digest

11:e1:2d:af:eb:bc:98:9e:4c:f1:72:a6:43:f4:09:13:e0:67:54:e5:50:5f:41:f9:d1:c4:39:c5:3b:16:f6:5c

Digest Algorithm

sha256

PE Digest Matches

true

23:eb:9d:6a:56:38:0f:ad:b9:48:0d:b1:71:8c:5e:bc:9b:2f:08:1a
Signer

Actual PE Digest

23:eb:9d:6a:56:38:0f:ad:b9:48:0d:b1:71:8c:5e:bc:9b:2f:08:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\pomqc3\Release\pomqc3.pdb

Imports

shlwapi

wnsprintfW
wvnsprintfW
wvnsprintfA
SHGetValueA
PathFindFileNameW
StrChrA
SHGetValueW
SHSetValueW
StrCmpNIA
SHSetValueA
wnsprintfA
SHDeleteValueA
PathAppendW
StrStrIA

ws2_32

WSAGetOverlappedResult
setsockopt
WSAGetLastError
htons
WSAWaitForMultipleEvents
send
recv
connect
WSASocketW
WSACreateEvent
WSACloseEvent
closesocket
WSAIoctl
bind
inet_ntoa
inet_addr
WSAStartup
socket

iphlpapi

GetAdaptersInfo

dnsapi

DnsQuery_A
DnsFree

kernel32

VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
VirtualProtect
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ReleaseSemaphore
CreateTimerQueueTimer
GetSystemDirectoryW
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
GetProcessAffinityMask
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
InterlockedPopEntrySList
ChangeTimerQueueTimer
InterlockedPushEntrySList
lstrlenW
CreateEventW
GetWindowsDirectoryW
GetCurrentProcessId
lstrcpyA
lstrcpyW
SetLastError
GetModuleFileNameW
GetCurrentThreadId
lstrcmpA
GetModuleHandleA
CreateThread
GetProcAddress
ReadFile
WriteFile
CreateFileW
Sleep
CloseHandle
GetLastError
LoadLibraryW
GetModuleHandleW
CancelIo
HeapFree
EnterCriticalSection
InterlockedFlushSList
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
InitializeCriticalSection
lstrlenA
FindClose
WaitForSingleObject
GetVersionExW
GetACP
CreateToolhelp32Snapshot
MultiByteToWideChar
GetFileAttributesExW
SetEvent
HeapAlloc
Module32FirstW
GetLocalTime
SetFilePointerEx
GetProcessHeap
WideCharToMultiByte
lstrcmpiA
Module32NextW
GetTickCount
DisableThreadLibraryCalls
TerminateThread
DeleteCriticalSection
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
QueryPerformanceCounter
TryEnterCriticalSection
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
HeapReAlloc
ExitProcess
GetModuleFileNameA
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
HeapSize
VirtualQuery

user32

MessageBoxA

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

Exports

Exports

InitWinSock22
T
cui_test
mqAlloc
mqClose
mqCreate
mqDel
mqFree
mqGet
mqKeys
mqPublish
mqPublishEx
mqRequest
mqSet
mqSubscribe
mqSupportRequest
mqUnsubscribe
mqUnsupportRequest
mqUnwatch
mqWatch

Sections

.text
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/preinst.exe
$TEMP/setuphlpr.dll
.dll windows:5 windows x86 arch:x86

0010c0b64ff91be699a70e82ca44c6c6

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:8d:9d:e5:cb:99:f1:46:4f:8b:0a:ff:3c:73:f7:7d:c2:56:53:4d:a2:b7:a0:6d:1d:c0:64:16:fe:30:db:7d
Signer

Actual PE Digest

58:8d:9d:e5:cb:99:f1:46:4f:8b:0a:ff:3c:73:f7:7d:c2:56:53:4d:a2:b7:a0:6d:1d:c0:64:16:fe:30:db:7d

Digest Algorithm

sha256

PE Digest Matches

true

65:72:fc:ba:59:68:dd:76:a2:2d:fe:d4:e0:8e:f5:79:0b:4d:f9:8d
Signer

Actual PE Digest

65:72:fc:ba:59:68:dd:76:a2:2d:fe:d4:e0:8e:f5:79:0b:4d:f9:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\deploy\client\setuphlpr\Release\setuphlpr.pdb

Imports

kernel32

LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateEventW
DeleteFileW
DisableThreadLibraryCalls
MoveFileW
GetModuleFileNameW
lstrcpynW
CloseHandle
lstrcmpiW
Sleep
LoadLibraryW
SetFilePointer
GetCommandLineW
GetWindowsDirectoryW
CreateThread
OutputDebugStringW
GetFileSize
lstrcpyW
LocalFree
Module32NextW
GetModuleHandleW
FreeLibrary
ExitProcess
GetLastError
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
InterlockedExchange
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
HeapSize
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
CreateProcessW
GlobalLock
WaitForSingleObject
GetLogicalDrives
InitializeCriticalSection
OpenProcess
GetVersionExW
GetExitCodeProcess
GetFileAttributesW
ReadFile
CreateFileW
lstrcmpW
lstrlenW
GlobalUnlock
GetCurrentDirectoryW
FindClose
GetLocalTime
Process32FirstW
QueryDosDeviceW
Module32FirstW
Process32NextW
GetModuleHandleA
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
WriteConsoleW

user32

SendDlgItemMessageW
GetDlgItem
SetFocus
DialogBoxIndirectParamW
MessageBoxW
IsWindow
EnumChildWindows
SetDlgItemTextW
GetWindowLongW
GetWindowRect
GetParent
SetWindowLongW
EndDialog
GetDesktopWindow
SendMessageTimeoutW
SendMessageW
MoveWindow
GetForegroundWindow
FindWindowW
LoadIconW
IsWindowEnabled
PostMessageW

iphlpapi

GetAdaptersInfo

shlwapi

wnsprintfW
PathFileExistsW
PathFindFileNameW
StrStrIW
PathAppendW
PathRemoveExtensionW
wvnsprintfW
PathIsDirectoryW
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
wnsprintfA
wvnsprintfA
StrRChrW
SHDeleteValueA

ws2_32

ntohl
WSAStartup

psapi

GetProcessImageFileNameW

dnsapi

DnsFree
DnsQuery_A

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
RegCreateKeyExW
InitializeSecurityDescriptor
LookupPrivilegeValueW
RegCloseKey
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
FreeSid

shell32

CommandLineToArgvW
ord165

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoCreateGuid
CoCreateInstance
GetHGlobalFromStream

oleaut32

SysFreeString
VariantChangeType
VariantInit
VariantClear
SysAllocString

Exports

Exports

CheckInstallEnv
CheckInstallEnvSilent
InstallPcap
IsDot1xInstaller
IsPcapInstalled
IsWindow7
OnInstallSuccess
ParseInstallerName
PreInstall
PreStartService

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/winpcap_inst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/09/2012, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:72:38:f0:32:8c:16:3b:2e:d9:97:ba:f7:42:66:0c:3b:6b:63:df
Signer

Actual PE Digest

be:72:38:f0:32:8c:16:3b:2e:d9:97:ba:f7:42:66:0c:3b:6b:63:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bootOptions.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/Packet.dll
.dll windows:4 windows x86 arch:x86

19fa7010cacd16ef346ea8bbc2e8b999

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/09/2012, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:ca:55:b7:f9:4a:c7:29:69:93:49:93:a7:2a:43:b4:e9:30:f5:a5
Signer

Actual PE Digest

86:ca:55:b7:f9:4a:c7:29:69:93:49:93:a7:2a:43:b4:e9:30:f5:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\packetNtx\Dll\Project\Release\x86\Packet.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

npptools

SetBoolInBlob
DestroyBlob
CreateBlob
CreateNPPInterface
GetNPPBlobTable

ws2_32

inet_addr

iphlpapi

GetAdaptersInfo

kernel32

GlobalFree
GlobalAlloc
GlobalHandle
ReleaseMutex
GlobalLock
WaitForSingleObject
GlobalUnlock
QueryPerformanceCounter
CreateEventW
SetEvent
DeviceIoControl
GetModuleHandleW
WriteFile
QueryPerformanceFrequency
GetSystemDirectoryW
WideCharToMultiByte
CloseHandle
GetVersion
GetStringTypeW
ReadFile
GetFullPathNameW
GetModuleFileNameW
MultiByteToWideChar
CreateFileA
GetLastError
SetLastError
CreateMutexW
GetProcAddress
InitializeCriticalSection
Sleep
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
ResetEvent
DeleteCriticalSection
OutputDebugStringA
GetSystemTimeAsFileTime
GetLocaleInfoA
HeapSize
FlushFileBuffers
LoadLibraryW
GetCurrentThreadId
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

advapi32

QueryServiceStatus
StartServiceW
OpenServiceA
RegOpenKeyExA
CreateServiceA
ControlService
OpenSCManagerW
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
CloseServiceHandle

ole32

CoUninitialize
CoInitializeEx
CoInitialize

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/pthreadVC.dll
.dll windows:4 windows x86 arch:x86

90ee61357770484e2d085958b94141a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

GetThreadPriority
Sleep
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
SetThreadPriority
GetProcessAffinityMask
CloseHandle
TlsSetValue
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
LoadLibraryA
GetCurrentThreadId
CreateEventA
InterlockedIncrement
DuplicateHandle
GetCurrentThread
GetCurrentProcess
FreeLibrary
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/wpcap.dll
.dll windows:4 windows x86 arch:x86

10dce091d63eed72dc0010ebc8838f6a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/09/2012, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:62:51:f0:27:45:ec:8f:43:5a:c8:f8:39:3a:ab:b8:9f:42:52:b7
Signer

Actual PE Digest

cf:62:51:f0:27:45:ec:8f:43:5a:c8:f8:39:3a:ab:b8:9f:42:52:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\wpcap\PRJ\Release\x86\wpcap.pdb

Imports

ws2_32

WSACleanup
ntohl
gethostbyname
htons
gethostbyaddr
WSAGetLastError
htonl
getservbyname
inet_addr
getservbyport
inet_ntoa
WSASetLastError
getprotobyname
accept
closesocket
getpeername
getsockopt
setsockopt
getsockname
select
WSAStartup
shutdown
connect
listen
send
socket
bind
ntohs
recv

packet

PacketGetNetInfoEx
PacketGetAdapterNames
PacketSetMinToCopy
PacketSetLoopbackBehavior
PacketSetHwFilter
PacketGetStats
PacketSendPacket
PacketSetReadTimeout
PacketReceivePacket
PacketSetMode
PacketOpenAdapter
PacketSetBpf
PacketAllocatePacket
PacketInitPacket
PacketCloseAdapter
PacketFreePacket
PacketGetNetType
PacketSetBuff
PacketGetVersion
PacketSetDumpName
PacketSendPackets
PacketIsDumpEnded
PacketGetReadEvent
PacketSetDumpLimits
PacketGetAirPcapHandle
PacketGetStatsEx

kernel32

SetUnhandledExceptionFilter
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapSize
SetFilePointer
CloseHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
WriteFile
DeleteCriticalSection
GetLastError
GetSystemDirectoryA
FreeLibrary
GetProcAddress
EnterCriticalSection
LoadLibraryA
LeaveCriticalSection
GetVersion
FindNextFileA
FormatMessageA
FindFirstFileA
FindClose
InterlockedExchange
SetLastError
InterlockedCompareExchange
Sleep
InitializeCriticalSection
UnhandledExceptionFilter
HeapFree
HeapAlloc
RtlUnwind
SetStdHandle
GetFileType
HeapReAlloc
GetModuleHandleA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
endservent
eproto_db
getservent
install_bpf_program
pcap_activate
pcap_breakloop
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_create
pcap_createsrcstr
pcap_datalink
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_open
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_free_datalinks
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_hopen_offline
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_offline_read
pcap_open
pcap_open_dead
pcap_open_live
pcap_open_offline
pcap_parsesrcstr
pcap_perror
pcap_read
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_buffer_size
pcap_set_datalink
pcap_set_promisc
pcap_set_snaplen
pcap_set_timeout
pcap_setbuff
pcap_setdirection
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_strerror
wsockinit

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinPcapInstall.dll
.dll windows:4 windows x86 arch:x86

ad1fff2efc5a1aa2884d5c780a51aa99

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/09/2012, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:4b:32:ba:02:ff:cd:d6:6e:bf:35:a6:b9:a2:17:e5:f8:50:5e:5e
Signer

Actual PE Digest

26:4b:32:ba:02:ff:cd:d6:6e:bf:35:a6:b9:a2:17:e5:f8:50:5e:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\install\WinPcap Installer Helper\Release\x86\WinPcapInstall.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
GetCurrentProcess
LoadLibraryExA
GetLastError
Sleep
FormatMessageA
FreeLibrary
GetModuleHandleA
LocalFree
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

advapi32

OpenSCManagerA
ChangeServiceConfigA
StartServiceA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
ControlService

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

manage_netmon
manage_npf_driver
manage_rpcapd_service

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rpcapd.exe
.exe windows:4 windows x86 arch:x86

2b9e73ff502840fe6b381682c42d43cf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/09/2012, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:6f:43:de:5d:fa:a5:33:da:d2:7b:2b:a1:91:56:48:59:00:98:7b
Signer

Actual PE Digest

61:6f:43:de:5d:fa:a5:33:da:d2:7b:2b:a1:91:56:48:59:00:98:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\wpcap\libpcap\rpcapd\Release\x86\rpcapd.pdb

Imports

wpcap

install_bpf_program
pcap_compile
pcap_open_offline
pcap_create
pcap_open_live
bpf_validate
pcap_findalldevs
pcap_strerror
pcap_freealldevs
pcap_geterr
pcap_close
pcap_setfilter
pcap_stats
pcap_next_ex

ws2_32

gethostbyaddr
closesocket
WSASetLastError
getsockname
htonl
inet_addr
getservbyname
ntohl
inet_ntoa
ntohs
accept
htons
connect
WSAStartup
shutdown
WSACleanup
recv
bind
socket
send
listen
getservbyport
select
gethostbyname
getpeername
WSAGetLastError

pthreadvc

pthread_attr_init
pthread_attr_setdetachstate
pthread_exit
pthread_cancel
pthread_attr_destroy
pthread_setcancelstate
pthread_setcanceltype
pthread_create

packet

PacketSetMinToCopy
PacketSetLoopbackBehavior

kernel32

GetConsoleOutputCP
WriteConsoleA
HeapSize
FlushFileBuffers
SetStdHandle
CreateFileA
ReadFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
WriteConsoleW
RtlUnwind
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThreadId
SetLastError
TlsFree
GetSystemDirectoryA
FormatMessageA
GetLastError
FreeLibrary
GetProcAddress
CloseHandle
Sleep
LoadLibraryA
TlsSetValue
TlsAlloc
SetEndOfFile
SetConsoleCtrlHandler
HeapFree
HeapAlloc
GetModuleHandleA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue

user32

MessageBoxA

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
LogonUserA
ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
actmon32.dll
.dll windows:5 windows x86 arch:x86

f10238357c93c9d69e8013a6d247fa08

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:f3:f7:d9:72:64:81:18:3b:3b:e4:a6:2f:0c:c3:d9:43:b7:63:8a:17:8b:56:a1:01:1b:54:0f:c1:c2:16:44
Signer

Actual PE Digest

7d:f3:f7:d9:72:64:81:18:3b:3b:e4:a6:2f:0c:c3:d9:43:b7:63:8a:17:8b:56:a1:01:1b:54:0f:c1:c2:16:44

Digest Algorithm

sha256

PE Digest Matches

true

fd:91:ef:48:2a:f6:65:65:06:78:dd:5b:de:4a:1f:be:a7:05:73:0f
Signer

Actual PE Digest

fd:91:ef:48:2a:f6:65:65:06:78:dd:5b:de:4a:1f:be:a7:05:73:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\actmon\Release\actmon32.pdb

Imports

kernel32

GetSystemInfo
LoadLibraryExA
lstrcmpW
CopyFileW
lstrcpynA
GetFileAttributesExW
InitializeCriticalSection
LeaveCriticalSection
lstrcpynW
EnterCriticalSection
DisableThreadLibraryCalls
lstrcmpA
GetModuleFileNameW
CreateThread
GetTickCount
lstrcmpiW
CreateEventA
lstrcmpiA
GetProcAddress
GetLocalTime
CloseHandle
DeleteFileW
Sleep
WriteConsoleW
HeapSize
SetStdHandle
GetConsoleCP
FlushFileBuffers
DecodePointer
GetConsoleMode
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetStdHandle
GetStringTypeW
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
RaiseException
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetModuleHandleA
GetVersionExW
lstrlenA
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
ReadFile
QueryDosDeviceW
GetLogicalDrives
FindFirstFileW
HeapFree
FindNextFileW
lstrlenW
WriteFile
FindClose
CreateFileW
GetFileAttributesW
OpenEventW
GetACP
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
GetLastError
Process32NextW
SetEvent
FileTimeToSystemTime
lstrcatW
lstrcpyA
Process32FirstW
LoadLibraryW
HeapAlloc
Module32FirstW
GetCurrentDirectoryW
SetFilePointerEx
GetProcessHeap
SystemTimeToFileTime
lstrcpyW
Module32NextW
VirtualQuery
GetWindowsDirectoryW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority

user32

GetLastInputInfo
IsWindow
CloseDesktop
GetForegroundWindow
OpenInputDesktop
GetUserObjectInformationA
GetWindowThreadProcessId
GetWindowTextW
GetCursorPos
ReleaseDC
InvalidateRect
ReleaseCapture
GetDesktopWindow
MoveWindow
DialogBoxParamW
SendMessageTimeoutW
GetParent
GetDlgItem
GetMessageW
DefWindowProcW
DispatchMessageA
CreateWindowExW
CallNextHookEx
RegisterClassExW
TranslateMessage
LoadIconW
SetWindowsHookExW
UpdateWindow
GetWindowTextLengthW
GetWindowRect
GetDC
SetWindowPos
SendMessageW
EndDialog
SetWindowTextW
WindowFromPoint
RedrawWindow
CreateIconIndirect
LoadBitmapA
LoadCursorW
GetClassNameW
SetCapture
GetWindowDC
SetCursor

gdi32

GetPixel
GetStockObject
SetPixel
DeleteDC
SelectObject
CreateCompatibleBitmap
LineTo
GetObjectW
MoveToEx
SetROP2
CreateCompatibleDC

ole32

CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

SafeArrayGetVartype
VariantClear
SysAllocString
VariantInit

shlwapi

PathFileExistsW
PathFindFileNameW
wnsprintfW
PathAppendW
StrStrIW
PathIsDirectoryW
StrNCatW
wvnsprintfA
wnsprintfA
StrCmpNIA
SHSetValueW
wvnsprintfW
StrChrW
SHGetValueW
StrChrA
PathRemoveFileSpecW
StrCmpNW
StrCmpNIW
SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW

advapi32

RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExW
GetUserNameW
RegCloseKey

shell32

ord165

Exports

Exports

Test

Sections

.text
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
actmon64.dll
.dll windows:5 windows x64 arch:x64

aee46c65a29bc0e9b22bf8cf952d72b4

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:24:bd:5f:d9:65:8c:d9:e3:8d:d2:79:96:8d:78:68:db:8c:4d:75:ec:ac:85:29:fd:a9:1b:b5:0b:14:16:6b
Signer

Actual PE Digest

c5:24:bd:5f:d9:65:8c:d9:e3:8d:d2:79:96:8d:78:68:db:8c:4d:75:ec:ac:85:29:fd:a9:1b:b5:0b:14:16:6b

Digest Algorithm

sha256

PE Digest Matches

true

f1:3b:37:31:38:07:ee:51:6b:40:d0:d8:6e:f1:7f:29:f8:01:5f:c9
Signer

Actual PE Digest

f1:3b:37:31:38:07:ee:51:6b:40:d0:d8:6e:f1:7f:29:f8:01:5f:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\actmon\Release\actmon64.pdb

Imports

kernel32

GetSystemInfo
LoadLibraryExA
DecodePointer
lstrcmpW
CopyFileW
lstrcpynA
GetFileAttributesExW
InitializeCriticalSection
LeaveCriticalSection
lstrcpynW
EnterCriticalSection
DisableThreadLibraryCalls
lstrcmpA
GetModuleFileNameW
CreateThread
GetTickCount
lstrcmpiW
CreateEventA
lstrcmpiA
GetProcAddress
GetLocalTime
CloseHandle
DeleteFileW
Sleep
WriteConsoleW
HeapSize
SetStdHandle
GetConsoleCP
FlushFileBuffers
GetConsoleMode
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetStdHandle
GetStringTypeW
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwindEx
RaiseException
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
GetModuleHandleA
GetVersionExW
lstrlenA
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
WideCharToMultiByte
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
ReadFile
QueryDosDeviceW
GetLogicalDrives
FindFirstFileW
HeapFree
FindNextFileW
lstrlenW
WriteFile
FindClose
CreateFileW
GetFileAttributesW
OpenEventW
K32GetProcessImageFileNameW
GetACP
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
GetLastError
Process32NextW
FileTimeToSystemTime
lstrcatW
lstrcpyA
Process32FirstW
LoadLibraryW
HeapAlloc
Module32FirstW
GetCurrentDirectoryW
SetFilePointerEx
GetProcessHeap
SystemTimeToFileTime
lstrcpyW
Module32NextW
VirtualQuery
GetWindowsDirectoryW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer

user32

InvalidateRect
ReleaseDC
GetCursorPos
GetWindowTextW
GetWindowThreadProcessId
GetUserObjectInformationA
GetLastInputInfo
IsWindow
CloseDesktop
GetForegroundWindow
OpenInputDesktop
ReleaseCapture
GetDesktopWindow
MoveWindow
SendMessageTimeoutW
DialogBoxParamW
GetParent
GetDlgItem
GetMessageW
DefWindowProcW
DispatchMessageA
CreateWindowExW
CallNextHookEx
RegisterClassExW
TranslateMessage
LoadIconW
SetWindowsHookExW
UpdateWindow
GetWindowTextLengthW
GetWindowRect
GetDC
SetWindowPos
SendMessageW
EndDialog
SetWindowTextW
WindowFromPoint
RedrawWindow
CreateIconIndirect
LoadBitmapA
LoadCursorW
GetClassNameW
SetCapture
GetWindowDC
SetCursor

gdi32

GetStockObject
SetPixel
GetPixel
SelectObject
CreateCompatibleBitmap
DeleteDC
LineTo
GetObjectW
MoveToEx
CreateCompatibleDC
SetROP2

ole32

CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantInit
SafeArrayGetVartype
VariantClear

shlwapi

PathFindFileNameW
PathFileExistsW
wnsprintfW
wnsprintfA
StrStrIW
PathIsDirectoryW
StrNCatW
wvnsprintfA
PathAppendW
StrCmpNIA
SHSetValueW
wvnsprintfW
StrChrW
SHGetValueW
StrChrA
PathRemoveFileSpecW
StrCmpNW
StrCmpNIW
SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoW

advapi32

RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
GetUserNameW

shell32

ord165

Exports

Exports

Test

Sections

.text
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anyconn32.dll
.dll windows:5 windows x86 arch:x86

6f8dd307be6757235bd2bd8c9b0cf822

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8e:a4:ed:ab:38:8e:52:d6:22:dc:45:41:17:56:20:4c:f5:13:b0:b3:3b:80:78:25:78:8a:26:09:e2:9b:1f:22
Signer

Actual PE Digest

8e:a4:ed:ab:38:8e:52:d6:22:dc:45:41:17:56:20:4c:f5:13:b0:b3:3b:80:78:25:78:8a:26:09:e2:9b:1f:22

Digest Algorithm

sha256

PE Digest Matches

true

a1:66:86:99:08:92:52:2f:c3:ec:4d:34:77:83:26:79:3d:4f:fc:98
Signer

Actual PE Digest

a1:66:86:99:08:92:52:2f:c3:ec:4d:34:77:83:26:79:3d:4f:fc:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\Release\anyconn32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateThread
WaitForMultipleObjects
DisableThreadLibraryCalls
Sleep
lstrcmpA
lstrcpyA
CloseHandle
CancelIo
EnterCriticalSection
lstrcmpiA
CreateFileW
LeaveCriticalSection
CreateEventA
InitializeCriticalSection
SetFilePointer
CreateFileA
OutputDebugStringA
WriteFile
WaitForSingleObject
lstrlenA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
VirtualQuery
ReadFile
GetModuleFileNameW
Module32FirstW
GetModuleHandleA
CreateToolhelp32Snapshot
Module32NextW
lstrcpyW
WriteConsoleW

wininet

InternetCrackUrlA

shlwapi

wvnsprintfW
SHGetValueW
wnsprintfA
StrCmpNIA
wvnsprintfA
PathFindFileNameW

ws2_32

recv
WSARecv
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSACreateEvent
bind
setsockopt
htons
WSASocketW
send
inet_addr
connect
WSAIoctl
WSACloseEvent
WSAGetLastError
closesocket

dnsapi

DnsFree
DnsQuery_A

ole32

CoCreateGuid

Exports

Exports

AnyconnConnect
AnyconnHttpDownload
AnyconnSetHandshakeServer

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anyconn64.dll
.dll windows:5 windows x64 arch:x64

8c8fd4fa57d8a1a6576d3713ea350f73

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

de:3b:1f:ea:90:56:4e:4b:55:a8:31:ae:74:81:1e:c1:ff:b0:4e:79:9e:47:3e:4c:6a:67:bf:7a:48:97:90:f0
Signer

Actual PE Digest

de:3b:1f:ea:90:56:4e:4b:55:a8:31:ae:74:81:1e:c1:ff:b0:4e:79:9e:47:3e:4c:6a:67:bf:7a:48:97:90:f0

Digest Algorithm

sha256

PE Digest Matches

true

18:15:6d:5d:d7:a9:43:17:52:46:a4:46:19:f4:17:47:2b:ce:f7:85
Signer

Actual PE Digest

18:15:6d:5d:d7:a9:43:17:52:46:a4:46:19:f4:17:47:2b:ce:f7:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\Release\anyconn64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateThread
WaitForMultipleObjects
DisableThreadLibraryCalls
Sleep
lstrcmpA
lstrcpyA
CloseHandle
CancelIo
EnterCriticalSection
lstrcmpiA
CreateFileW
LeaveCriticalSection
CreateEventA
InitializeCriticalSection
SetFilePointer
CreateFileA
OutputDebugStringA
WriteFile
WaitForSingleObject
lstrlenA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
GetLastError
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
VirtualQuery
ReadFile
GetModuleFileNameW
Module32FirstW
GetModuleHandleA
CreateToolhelp32Snapshot
Module32NextW
lstrcpyW
WriteConsoleW

wininet

InternetCrackUrlA

shlwapi

wvnsprintfW
SHGetValueW
wnsprintfA
StrCmpNIA
wvnsprintfA
PathFindFileNameW

ws2_32

recv
WSARecv
inet_addr
WSAGetOverlappedResult
WSACreateEvent
bind
setsockopt
htons
WSASocketW
connect
send
WSAWaitForMultipleEvents
WSAIoctl
WSACloseEvent
WSAGetLastError
closesocket

dnsapi

DnsFree
DnsQuery_A

ole32

CoCreateGuid

Exports

Exports

AnyconnConnect
AnyconnHttpDownload
AnyconnSetHandshakeServer

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
assistda.exe
.exe windows:6 windows x86 arch:x86

57b975f38dea99918c5dd385ceb33ac3

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:cb:d2:0c:71:a2:0b:62:9d:6d:26:37:30:c5:d4:0a:c6:03:f5:77:ad:f4:f3:d9:e7:77:78:57:0f:8f:97:d1
Signer

Actual PE Digest

19:cb:d2:0c:71:a2:0b:62:9d:6d:26:37:30:c5:d4:0a:c6:03:f5:77:ad:f4:f3:d9:e7:77:78:57:0f:8f:97:d1

Digest Algorithm

sha256

PE Digest Matches

true

64:ae:e9:9b:7a:d5:73:d7:c2:0e:54:59:31:2b:2f:58:6e:1d:7c:f3
Signer

Actual PE Digest

64:ae:e9:9b:7a:d5:73:d7:c2:0e:54:59:31:2b:2f:58:6e:1d:7c:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetNameStringW
CryptDecodeObjectEx
CertCloseStore
CryptQueryObject
CryptMsgClose
CertEnumCertificatesInStore

kernel32

HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
VirtualQuery
FreeLibrary
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetLastError
HeapReAlloc
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteFile
SetFilePointerEx
FindNextFileW
FindClose
lstrlenW
lstrcpynW
lstrcmpiA
LocalFree
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetLocalTime
CloseHandle
OutputDebugStringW
CreateFileW
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LoadLibraryExA
VirtualProtect
GetSystemInfo
RaiseException
SetLastError
WriteConsoleW

advapi32

GetUserNameW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

shlwapi

PathAppendW
PathAddBackslashW
SHSetValueW
SHDeleteValueW
wnsprintfW

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
assisthost.exe
.exe windows:6 windows x86 arch:x86

57b975f38dea99918c5dd385ceb33ac3

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:a1:39:47:60:54:bc:68:0c:cd:4a:34:50:48:46:3c:93:41:23:f8:78:39:5e:37:c9:73:69:e8:c7:ed:1a:40
Signer

Actual PE Digest

d2:a1:39:47:60:54:bc:68:0c:cd:4a:34:50:48:46:3c:93:41:23:f8:78:39:5e:37:c9:73:69:e8:c7:ed:1a:40

Digest Algorithm

sha256

PE Digest Matches

true

57:5a:52:1b:d4:25:d0:fb:92:b9:e3:88:d7:5c:84:bd:c3:87:2c:2c
Signer

Actual PE Digest

57:5a:52:1b:d4:25:d0:fb:92:b9:e3:88:d7:5c:84:bd:c3:87:2c:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetNameStringW
CryptDecodeObjectEx
CertCloseStore
CryptQueryObject
CryptMsgClose
CertEnumCertificatesInStore

kernel32

HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
VirtualQuery
FreeLibrary
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetLastError
HeapReAlloc
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteFile
SetFilePointerEx
FindNextFileW
FindClose
lstrlenW
lstrcpynW
lstrcmpiA
LocalFree
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetLocalTime
CloseHandle
OutputDebugStringW
CreateFileW
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LoadLibraryExA
VirtualProtect
GetSystemInfo
RaiseException
SetLastError
WriteConsoleW

advapi32

GetUserNameW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

shlwapi

PathAppendW
PathAddBackslashW
SHSetValueW
SHDeleteValueW
wnsprintfW

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
assisths.exe
.exe windows:6 windows x86 arch:x86

a375ba6efff8379af92867e9f5ad8208

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:49:f2:11:0d:cf:5b:9f:8b:60:2f:d9:dd:6d:2c:5b:d7:bf:8b:8f:d8:ad:b2:89:d3:c2:1e:28:3f:98:0d:82
Signer

Actual PE Digest

c1:49:f2:11:0d:cf:5b:9f:8b:60:2f:d9:dd:6d:2c:5b:d7:bf:8b:8f:d8:ad:b2:89:d3:c2:1e:28:3f:98:0d:82

Digest Algorithm

sha256

PE Digest Matches

true

6a:75:2b:2e:ad:f5:98:ae:46:a5:7d:38:b5:1b:7e:2a:ec:7e:f3:54
Signer

Actual PE Digest

6a:75:2b:2e:ad:f5:98:ae:46:a5:7d:38:b5:1b:7e:2a:ec:7e:f3:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetNameStringW
CryptDecodeObjectEx
CertCloseStore
CryptQueryObject
CryptMsgClose
CertEnumCertificatesInStore

kernel32

HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
VirtualQuery
FreeLibrary
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetLastError
HeapReAlloc
GetFileType
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteFile
SetFilePointerEx
FindNextFileW
FindClose
lstrlenW
lstrcpynW
lstrcmpiA
LocalFree
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetLocalTime
CloseHandle
OutputDebugStringW
CreateFileW
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LoadLibraryExA
VirtualProtect
GetSystemInfo
RaiseException
SetLastError
WriteConsoleW

advapi32

GetUserNameW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

shlwapi

PathAppendW
PathAddBackslashW
SHSetValueW
SHDeleteValueW
wnsprintfW

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
athens32.dll
athens64.dll
athenw32.dll
.dll windows:5 windows x86 arch:x86

848c7d6427d9b42ef0ae820dba21c542

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bc:0c:fc:59:8e:f6:1b:4d:cf:ea:83:11:6b:59:4d:74:bf:c3:06:b2:ac:62:35:a4:db:e1:95:5a:c3:00:75:08
Signer

Actual PE Digest

bc:0c:fc:59:8e:f6:1b:4d:cf:ea:83:11:6b:59:4d:74:bf:c3:06:b2:ac:62:35:a4:db:e1:95:5a:c3:00:75:08

Digest Algorithm

sha256

PE Digest Matches

true

de:81:a7:09:93:3d:be:35:48:a4:d5:64:bb:13:b3:9e:a4:3c:26:26
Signer

Actual PE Digest

de:81:a7:09:93:3d:be:35:48:a4:d5:64:bb:13:b3:9e:a4:3c:26:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\athens\Release\athenw32.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
QueryDosDeviceW
GetModuleHandleA
lstrcmpW
lstrcpyW
InterlockedIncrement
InterlockedDecrement
CopyFileW
GetDiskFreeSpaceExW
GetQueuedCompletionStatus
ReadDirectoryChangesW
CreateIoCompletionPort
CancelIo
GetModuleHandleW
TerminateThread
FileTimeToSystemTime
GetFileAttributesExW
FileTimeToLocalFileTime
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLogicalDrives
GetDriveTypeW
VirtualProtectEx
GetCurrentProcess
GetLocalTime
SetFileAttributesW
GetCurrentProcessId
DeleteFileW
GetCurrentThread
MoveFileExW
GetCurrentThreadId
MoveFileW
GetModuleFileNameW
lstrcpynW
Sleep
lstrcmpA
GetTickCount
SetEvent
lstrcatW
GlobalUnlock
lstrlenW
lstrcatA
GlobalAlloc
GlobalLock
lstrlenA
LocalFree
GetModuleFileNameA
CreateThread
CloseHandle
lstrcmpiW
CreateEventW
EnterCriticalSection
SetLastError
GetLastError
GetTempPathW
CreateFileW
ReadFile
GetFileAttributesW
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
LoadLibraryExA
LoadLibraryExW
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
GetSystemDirectoryW
GetWindowsDirectoryW
lstrcpyA
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
DeviceIoControl
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
OpenThread
Process32FirstW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
GetVersionExW
LoadLibraryW
OpenProcess
GetDriveTypeA
IsBadReadPtr
SystemTimeToFileTime
CreateProcessW
SetEndOfFile
lstrcpynA
VirtualQuery
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CreateFileA
WaitForSingleObject
SetFilePointer
GetFileSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleW

user32

LoadCursorW
CallNextHookEx
TranslateMessage
RegisterClassExW
LoadIconW
IsWindow
CreateWindowExW
DispatchMessageA
PostQuitMessage
GetMessageW
GetWindowThreadProcessId
GetCursorPos
WindowFromPoint
SendMessageTimeoutW
MessageBoxW
PostThreadMessageW
GetForegroundWindow
GetClipboardOwner
SetWindowsHookExW
UpdateWindow
DefWindowProcW
RegisterClipboardFormatW
wsprintfA
CloseClipboard
SetTimer
PostMessageW
IsClipboardFormatAvailable
GetClientRect
GetWindowLongW
EmptyClipboard
ChangeClipboardChain
OpenClipboard
GetSystemMetrics
SendMessageW
SetClipboardViewer

advapi32

RegSetValueExW
RegEnumKeyExW
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
ImpersonateLoggedOnUser
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegSetKeySecurity
GetUserNameW

shell32

CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ord190
ord155
ord165
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium

wtsapi32

WTSQueryUserToken

shlwapi

PathIsDirectoryW
PathFindFileNameW
StrStrIW
SHDeleteValueW
PathFileExistsW
PathAppendW
PathMatchSpecW
wnsprintfW
StrCatBuffW
StrRChrW
StrCatW
wvnsprintfA
wnsprintfA
StrChrA
StrCmpNIW
SHGetValueW
StrChrW
PathRemoveFileSpecW
StrNCatW
SHGetValueA
wvnsprintfW
PathRemoveExtensionW
SHSetValueW
PathRemoveBackslashW
StrCmpNW
PathAddBackslashW
ord219
StrStrW
SHDeleteKeyW
PathFindExtensionW

ws2_32

sendto
WSAStartup
socket

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

Sections

.text
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
athenw64.dll
.dll windows:5 windows x64 arch:x64

5830c434b55def5795524566836a5ecf

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:53:94:41:68:05:ae:6c:70:59:54:17:33:13:01:c1:e3:a0:a8:4e:50:4c:74:d0:1a:cd:57:8a:6a:50:2d:1d
Signer

Actual PE Digest

5e:53:94:41:68:05:ae:6c:70:59:54:17:33:13:01:c1:e3:a0:a8:4e:50:4c:74:d0:1a:cd:57:8a:6a:50:2d:1d

Digest Algorithm

sha256

PE Digest Matches

true

d8:ec:49:61:8d:2d:1a:3c:dd:a6:68:a9:cd:bf:2f:3d:54:e9:7c:7a
Signer

Actual PE Digest

d8:ec:49:61:8d:2d:1a:3c:dd:a6:68:a9:cd:bf:2f:3d:54:e9:7c:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\athens\Release\athenw64.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
QueryDosDeviceW
GetModuleHandleA
lstrcmpW
lstrcpyW
CopyFileW
GetDiskFreeSpaceExW
GetModuleHandleW
TerminateThread
FileTimeToSystemTime
GetFileAttributesExW
FileTimeToLocalFileTime
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLogicalDrives
GetDriveTypeW
VirtualProtectEx
GetCurrentProcess
GetLocalTime
SetFileAttributesW
GetCurrentProcessId
DeleteFileW
GetCurrentThread
MoveFileExW
GetCurrentThreadId
MoveFileW
GetModuleFileNameW
lstrcpynW
Sleep
lstrcmpA
GetTickCount
SetEvent
lstrcatW
GlobalUnlock
lstrlenW
lstrcatA
GlobalAlloc
GlobalLock
lstrlenA
LocalFree
GetModuleFileNameA
CreateThread
CloseHandle
lstrcmpiW
CreateEventW
EnterCriticalSection
SetLastError
GetLastError
GetTempPathW
CreateFileW
ReadFile
GetFileAttributesW
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
LoadLibraryExA
LoadLibraryExW
VirtualAlloc
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
GetSystemDirectoryW
GetWindowsDirectoryW
lstrcpyA
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
DeviceIoControl
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
OpenThread
Process32FirstW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
GetVersionExW
LoadLibraryW
OpenProcess
GetDriveTypeA
IsBadReadPtr
SystemTimeToFileTime
CreateProcessW
SetEndOfFile
lstrcpynA
VirtualQuery
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CreateFileA
WaitForSingleObject
SetFilePointer
GetFileSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleW

user32

LoadCursorW
CallNextHookEx
TranslateMessage
RegisterClassExW
LoadIconW
IsWindow
CreateWindowExW
DispatchMessageA
PostQuitMessage
GetMessageW
GetWindowThreadProcessId
GetCursorPos
WindowFromPoint
MessageBoxW
PostThreadMessageW
GetForegroundWindow
SetWindowsHookExW
UpdateWindow
DefWindowProcW
RegisterClipboardFormatW
wsprintfA

advapi32

CreateProcessAsUserW
RegSetValueExW
RegEnumKeyExW
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
ImpersonateLoggedOnUser
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegSetKeySecurity
RegOpenKeyExW

shell32

CommandLineToArgvW
SHGetPathFromIDListW
ord190
ord155
ord165
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium

wtsapi32

WTSQueryUserToken

shlwapi

PathIsDirectoryW
PathFindFileNameW
StrStrIW
SHDeleteValueW
PathFileExistsW
PathAppendW
PathMatchSpecW
wnsprintfW
StrCatBuffW
StrCatW
wvnsprintfA
wnsprintfA
StrChrA
StrCmpNIW
SHGetValueW
StrChrW
PathRemoveFileSpecW
StrNCatW
SHGetValueA
wvnsprintfW
SHSetValueW
StrCmpNW
PathAddBackslashW
ord219
StrStrW
SHDeleteKeyW
PathFindExtensionW

ws2_32

sendto
WSAStartup
socket

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

Sections

.text
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
athenx32.dll
athenx64.dll
backup32.dll
.dll windows:5 windows x86 arch:x86

764e911557ba0cab90f0e29d3acc3a65

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c6:46:bc:a6:6e:14:fb:0d:8a:3d:a0:2e:55:e6:d6:d3:4f:e8:45:62:3f:16:8e:5d:56:cb:7a:3a:8d:44:33:fd
Signer

Actual PE Digest

c6:46:bc:a6:6e:14:fb:0d:8a:3d:a0:2e:55:e6:d6:d3:4f:e8:45:62:3f:16:8e:5d:56:cb:7a:3a:8d:44:33:fd

Digest Algorithm

sha256

PE Digest Matches

true

63:9f:5e:b5:89:52:34:bf:a5:a0:e3:a4:23:c7:f4:ef:78:1e:9d:e2
Signer

Actual PE Digest

63:9f:5e:b5:89:52:34:bf:a5:a0:e3:a4:23:c7:f4:ef:78:1e:9d:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\backup\Release\backup32.pdb

Imports

kernel32

FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DeleteFileA
GetTempPathA
GetModuleFileNameA
GetVolumeInformationW
DebugBreak
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
DisableThreadLibraryCalls
lstrcmpA
ReadFile
GetDriveTypeA
SetFilePointer
GetFileSize
CreateThread
lstrcpyW
DeleteFileW
CloseHandle
GetDiskFreeSpaceExW
DeleteCriticalSection
CreateIoCompletionPort
lstrcmpiW
GetLocalTime
EnterCriticalSection
lstrlenW
CreateFileW
lstrcpynW
LeaveCriticalSection
CreateEventA
CopyFileW
Sleep
InitializeCriticalSection
GetWindowsDirectoryA
ReadDirectoryChangesW
GetLogicalDrives
SetEvent
OutputDebugStringW
GetWindowsDirectoryW
lstrcpyA
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
WaitForSingleObject
GetQueuedCompletionStatus
GetDriveTypeW
GetModuleHandleA
Module32FirstW
DeviceIoControl
FindClose
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
SetEndOfFile
SystemTimeToFileTime
GetFileAttributesW
GetModuleFileNameW
lstrcmpW
GetCurrentDirectoryW
WriteConsoleW

shell32

SHGetSpecialFolderPathW
ord165
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoInitialize
CoTaskMemFree
CoCreateGuid

shlwapi

wnsprintfW
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathAddBackslashW
StrStrIW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrCmpNW
PathMatchSpecW
PathRemoveBackslashW
PathFileExistsA
PathAppendA
wvnsprintfW
SHGetValueA
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
SHCreateStreamOnFileW
StrChrW
SHGetValueW
PathRemoveFileSpecW

libcurl32

curl_slist_append
curl_free
curl_easy_setopt
curl_easy_perform
curl_easy_strerror
curl_easy_cleanup
curl_global_init
curl_easy_escape
curl_easy_getinfo
curl_easy_reset
curl_easy_init
curl_slist_free_all
curl_formfree
curl_formadd

advapi32

GetUserNameW
RegEnumValueW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup64.dll
.dll windows:5 windows x64 arch:x64

051c1eae66593fdcbbbc6988512a3ca0

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:69:f4:4d:b7:2d:db:52:94:23:5b:ad:33:70:86:31:d8:fe:7d:50:81:fd:20:d1:98:27:36:ce:25:42:3a:cb
Signer

Actual PE Digest

9e:69:f4:4d:b7:2d:db:52:94:23:5b:ad:33:70:86:31:d8:fe:7d:50:81:fd:20:d1:98:27:36:ce:25:42:3a:cb

Digest Algorithm

sha256

PE Digest Matches

true

5c:33:b6:b8:1e:24:e0:04:02:d6:93:06:15:80:1f:14:fa:33:7b:e2
Signer

Actual PE Digest

5c:33:b6:b8:1e:24:e0:04:02:d6:93:06:15:80:1f:14:fa:33:7b:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\backup\Release\backup64.pdb

Imports

kernel32

FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DeleteFileA
GetTempPathA
GetModuleFileNameA
GetVolumeInformationW
DebugBreak
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
DisableThreadLibraryCalls
lstrcmpA
ReadFile
GetDriveTypeA
SetFilePointer
GetFileSize
CreateThread
lstrcpyW
DeleteFileW
CloseHandle
GetDiskFreeSpaceExW
DeleteCriticalSection
CreateIoCompletionPort
lstrcmpiW
GetLocalTime
EnterCriticalSection
lstrlenW
CreateFileW
lstrcpynW
LeaveCriticalSection
CreateEventA
CopyFileW
Sleep
InitializeCriticalSection
GetWindowsDirectoryA
ReadDirectoryChangesW
GetLogicalDrives
SetEvent
OutputDebugStringW
GetWindowsDirectoryW
lstrcpyA
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
GetModuleHandleA
WaitForSingleObject
GetQueuedCompletionStatus
GetDriveTypeW
Module32FirstW
DeviceIoControl
FindClose
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
SetEndOfFile
SystemTimeToFileTime
GetFileAttributesW
GetModuleFileNameW
lstrcmpW
GetCurrentDirectoryW
WriteConsoleW

shell32

SHGetSpecialFolderPathW
ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoTaskMemFree
CoCreateGuid

shlwapi

wnsprintfW
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathAddBackslashW
StrStrIW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrCmpNW
PathMatchSpecW
PathRemoveBackslashW
PathFileExistsA
PathAppendA
wvnsprintfW
SHGetValueA
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
SHCreateStreamOnFileW
StrChrW
SHGetValueW
PathRemoveFileSpecW

libcurl64

curl_slist_append
curl_free
curl_easy_setopt
curl_easy_perform
curl_easy_strerror
curl_easy_cleanup
curl_global_init
curl_easy_escape
curl_easy_getinfo
curl_formadd
curl_easy_reset
curl_easy_init
curl_slist_free_all
curl_formfree

advapi32

GetUserNameW
RegEnumValueW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clientbase32.dll
.dll windows:5 windows x86 arch:x86

b09c607d6a34b6758bcc525b26d67722

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:14:45:ce:a1:ba:19:8a:2e:74:4e:7c:c2:35:06:85:dc:27:e2:06:57:c7:d2:e1:7d:d4:a0:33:04:3c:cf:85
Signer

Actual PE Digest

a6:14:45:ce:a1:ba:19:8a:2e:74:4e:7c:c2:35:06:85:dc:27:e2:06:57:c7:d2:e1:7d:d4:a0:33:04:3c:cf:85

Digest Algorithm

sha256

PE Digest Matches

true

03:00:46:d2:05:0a:d4:b1:f9:3b:2f:c1:ab:f5:9a:25:e2:4a:69:ac
Signer

Actual PE Digest

03:00:46:d2:05:0a:d4:b1:f9:3b:2f:c1:ab:f5:9a:25:e2:4a:69:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\clientbase\Release\clientbase32.pdb

Imports

kernel32

GetModuleHandleA
TerminateProcess
OpenProcess
lstrcpyW
GetModuleFileNameW
MoveFileExW
FileTimeToLocalFileTime
GetFileTime
lstrlenW
FileTimeToSystemTime
GetSystemDirectoryW
lstrcmpiW
GetLocalTime
GetFileAttributesW
CopyFileW
CreateEventW
GetDiskFreeSpaceExW
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetLogicalDrives
GetDriveTypeW
DeleteFileW
DisableThreadLibraryCalls
ReadFile
SetFilePointer
MoveFileW
LocalFree
lstrcmpA
lstrcpynW
GetVersionExW
CreateThread
ResetEvent
GetComputerNameExW
SetLastError
GetLastError
GetTempPathW
GetExitCodeProcess
OutputDebugStringW
SetEvent
GetComputerNameW
SetFileAttributesW
CreateFileW
WaitForSingleObject
CloseHandle
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
CancelIo
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
lstrcmpW
InitializeCriticalSection
GetDriveTypeA
IsBadReadPtr
SystemTimeToFileTime
CreateProcessW
lstrcpynA
VirtualQuery
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
GetWindowsDirectoryW
lstrcpyA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
lstrcmpiA
Sleep
lstrlenA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

user32

IsWindow
LoadIconW
GetCursorPos
ShowWindow
IsDialogMessageW
GetForegroundWindow
TranslateMessage
SetPropW
FindWindowW
SetForegroundWindow
RegisterWindowMessageW
PostQuitMessage
GetMessageW
RemovePropW
SetTimer
DestroyWindow
DestroyIcon
GetIconInfo
LoadImageW
MessageBoxW
GetWindowThreadProcessId
DefWindowProcW
DispatchMessageA
CreateWindowExW
RegisterClassExW
GetSystemMetrics
IsWindowVisible
UpdateWindow
GetPropW
DispatchMessageW
CreateDialogParamW
LoadCursorW
SetWindowPos
GetWindowRect

gdi32

DeleteObject
GetObjectW

advapi32

RegSetValueExW
EnumServicesStatusExW
RegEnumKeyExW
ControlService
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
FreeSid
RegEnumValueW
CreateServiceW
CloseServiceHandle
CreateProcessWithLogonW
DeleteService
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
GetUserNameW

shell32

SHGetFileInfoW
ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
ord727
ExtractIconExW
ShellExecuteExW
SHGetSpecialFolderPathW
Shell_NotifyIconW

iphlpapi

GetAdaptersInfo

comctl32

ord17

gdiplus

GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageEncodersSize
GdipFree
GdipGetImageHeight
GdipCreateBitmapFromHICON

wtsapi32

WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

SHDeleteValueW
wnsprintfW
StrStrIA
PathRemoveBackslashW
StrCatW
StrCmpNIA
StrChrA
SHSetValueW
StrCmpNIW
SHGetValueW
StrChrW
SHSetValueA
PathRemoveFileSpecW
SHGetValueA
SHDeleteValueA
PathFindExtensionW
PathIsDirectoryW
wvnsprintfA
wnsprintfA
wvnsprintfW
PathFileExistsW
StrStrW
SHDeleteKeyW
PathFindFileNameW
StrStrIW
PathAppendW
StrStrA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

bind
WSAGetOverlappedResult
WSACreateEvent
WSAWaitForMultipleEvents
htons
setsockopt
inet_ntoa
ntohl
getsockname
closesocket
WSAGetLastError
WSAIoctl
WSASocketW
WSACloseEvent
connect

psapi

GetProcessImageFileNameW

dnsapi

DnsFree
DnsQuery_A

ole32

CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear

Exports

Exports

GetSoftwareArray
RtGetSoftwareJson
RtUnInstall
RunInstaller
TCT
TestProc

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clientbase64.dll
.dll windows:5 windows x64 arch:x64

b5708a954d92e3e89cfa88a3f76bbe23

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

85:ef:82:d2:20:47:cd:73:f6:9c:83:65:4b:a1:bb:48:fa:36:f7:91:05:2b:d7:0f:c8:5a:63:9a:c6:57:f1:99
Signer

Actual PE Digest

85:ef:82:d2:20:47:cd:73:f6:9c:83:65:4b:a1:bb:48:fa:36:f7:91:05:2b:d7:0f:c8:5a:63:9a:c6:57:f1:99

Digest Algorithm

sha256

PE Digest Matches

true

60:3e:a2:79:9b:fe:29:f6:48:81:17:97:13:ba:c8:d8:00:0a:69:3c
Signer

Actual PE Digest

60:3e:a2:79:9b:fe:29:f6:48:81:17:97:13:ba:c8:d8:00:0a:69:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\clientbase\Release\clientbase64.pdb

Imports

kernel32

GetModuleHandleA
TerminateProcess
OpenProcess
lstrcpyW
GetModuleFileNameW
MoveFileExW
FileTimeToLocalFileTime
GetFileTime
lstrlenW
FileTimeToSystemTime
GetSystemDirectoryW
lstrcpynW
lstrcmpiW
GetLocalTime
GetFileAttributesW
GetVersionExW
CopyFileW
CreateEventW
GetDiskFreeSpaceExW
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetLogicalDrives
GetDriveTypeW
DeleteFileW
DisableThreadLibraryCalls
CreateFileW
ReadFile
SetFilePointer
lstrcmpA
CreateThread
ResetEvent
GetComputerNameExW
SetLastError
GetLastError
GetTempPathW
LocalFree
GetExitCodeProcess
OutputDebugStringW
SetEvent
GetComputerNameW
WaitForSingleObject
CloseHandle
SetFileAttributesW
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
CancelIo
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
lstrcmpW
InitializeCriticalSection
GetDriveTypeA
IsBadReadPtr
SystemTimeToFileTime
CreateProcessW
lstrcpynA
VirtualQuery
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
GetWindowsDirectoryW
lstrcpyA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
lstrcmpiA
Sleep
lstrlenA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA

user32

CreateWindowExW
DispatchMessageA
UpdateWindow
DefWindowProcW
GetWindowThreadProcessId
GetForegroundWindow
IsWindow
LoadIconW
RegisterClassExW
TranslateMessage
FindWindowW
LoadCursorW
PostQuitMessage
GetMessageW
MessageBoxW
LoadImageW
GetIconInfo
DestroyIcon

gdi32

GetObjectW
DeleteObject

advapi32

OpenSCManagerW
RegSetValueExW
EnumServicesStatusExW
RegEnumKeyExW
ControlService
CloseServiceHandle
CreateProcessWithLogonW
DeleteService
OpenServiceW
CreateProcessAsUserW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
GetUserNameW

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteExW
ExtractIconExW
SHGetFileInfoW
ord727

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipFree
GdipGetImageHeight
GdipCreateBitmapFromHICON
GdipGetImagePixelFormat
GdipAlloc
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromScan0

wtsapi32

WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

wnsprintfW
StrStrIA
SHDeleteValueW
PathFileExistsW
StrStrA
PathAppendW
StrCatW
StrCmpNIA
StrChrA
SHSetValueW
StrCmpNIW
SHGetValueW
StrChrW
SHSetValueA
PathRemoveFileSpecW
SHGetValueA
SHDeleteValueA
PathFindExtensionW
PathIsDirectoryW
wvnsprintfA
wnsprintfA
wvnsprintfW
PathRemoveBackslashW
StrStrW
SHDeleteKeyW
PathFindFileNameW
StrStrIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

bind
WSAGetOverlappedResult
WSACreateEvent
WSAWaitForMultipleEvents
htons
setsockopt
inet_ntoa
ntohl
getsockname
closesocket
WSAGetLastError
WSACloseEvent
WSASocketW
connect
WSAIoctl

psapi

GetProcessImageFileNameW

dnsapi

DnsFree
DnsQuery_A

ole32

CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

VariantClear
VariantInit

Exports

Exports

GetSoftwareArray
RtGetSoftwareJson
RtUnInstall
RunInstaller
TCT
TestProc

Sections

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clientstat.exe
.exe windows:5 windows x86 arch:x86

49791113834c56a6ac6f54b82590b4a0

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:b9:5d:e6:fa:b5:3c:52:94:85:76:d2:13:b6:cd:d3:f8:2d:3d:5e:b2:2b:bf:ca:77:6d:03:54:c1:df:2c:5c
Signer

Actual PE Digest

3c:b9:5d:e6:fa:b5:3c:52:94:85:76:d2:13:b6:cd:d3:f8:2d:3d:5e:b2:2b:bf:ca:77:6d:03:54:c1:df:2c:5c

Digest Algorithm

sha256

PE Digest Matches

true

18:cc:f9:7c:4c:85:b3:84:2c:58:7c:bf:be:eb:57:ac:73:33:1a:45
Signer

Actual PE Digest

18:cc:f9:7c:4c:85:b3:84:2c:58:7c:bf:be:eb:57:ac:73:33:1a:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\clientinfo\Release\clientstat.pdb

Imports

kernel32

LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
MulDiv
DosDateTimeToFileTime
FreeResource
GetFileSize
CreateThread
GetModuleHandleW
OpenEventW
SetEvent
CloseHandle
CancelIo
CreateEventA
WaitForSingleObject
lstrlenA
LocalFree
lstrcmpiW
GetCommandLineW
lstrcatW
GetModuleFileNameW
lstrcpynW
Sleep
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
WideCharToMultiByte
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
lstrcmpA
FindFirstFileW
VirtualQuery
lstrcpynA
FindResourceW
LoadResource
SystemTimeToFileTime
GlobalSize
GlobalLock
InitializeCriticalSection
GlobalAlloc
LoadLibraryW
CopyFileW
SizeofResource
GetFileAttributesW
ReadFile
CreateFileW
lstrcmpW
lstrlenW
GlobalUnlock
GetCurrentDirectoryW
lstrcmpiA
GlobalFree
FindClose
GetLocalTime
LockResource
CreateEventW
Module32FirstW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
DeleteFileW
lstrcpyW
lstrcpyA
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
WriteConsoleW

user32

GetClassInfoExW
PostMessageW
LoadImageW
IsRectEmpty
GetCaretBlinkTime
GetCaretPos
InvalidateRect
IntersectRect
PtInRect
GetWindowTextLengthW
SetCursor
UnionRect
OffsetRect
wvsprintfW
MapWindowPoints
ReleaseCapture
GetActiveWindow
GetCursorPos
ReleaseDC
GetDC
GetUpdateRect
BeginPaint
TrackMouseEvent
GetFocus
GetKeyState
SetCapture
EndPaint
SetRect
CharPrevW
DrawTextW
FillRect
SetCaretPos
CreateCaret
GetSysColor
ShowCaret
HideCaret
ClientToScreen
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
SetWindowTextW
MessageBoxW
IsWindow
SetWindowPos
LoadIconW
GetClientRect
KillTimer
PostQuitMessage
MoveWindow
CallWindowProcW
GetWindowRect
ScreenToClient
SetTimer
GetPropW
EnableWindow
GetParent
DispatchMessageW
wsprintfW
MonitorFromWindow
RegisterClassW
GetMonitorInfoW
CharNextW
DialogBoxIndirectParamW
SetFocus
SendDlgItemMessageW
ShowWindow
SetDlgItemTextW
GetWindow
CallNextHookEx
PeekMessageW
GetDlgItem
SetWindowsHookExW
UnhookWindowsHookEx
CloseClipboard
IsIconic
SetPropW
GetWindowTextW
GetClassNameW
EmptyClipboard
EndDialog
GetDesktopWindow
EnumChildWindows
OpenClipboard
GetSystemMetrics
DefWindowProcW
UpdateWindow
CreateWindowExW
SetWindowLongW
IsWindowVisible
SendMessageW
SetClipboardData
DestroyWindow
GetMessageW
SetForegroundWindow
LoadCursorW
FindWindowW
TranslateMessage
IsDialogMessageW
RegisterClassExW
CreateDialogIndirectParamW
GetWindowLongW
SetClassLongW

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW

ole32

CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleLockRunning
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoInitialize

wininet

InternetCrackUrlA

shlwapi

PathIsDirectoryW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrW
StrStrIW
wnsprintfW
wvnsprintfW
SHGetValueA
PathFindFileNameW
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
SHDeleteKeyW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
SHDeleteValueA
PathFileExistsA
SHCreateStreamOnFileW
StrCatBuffW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

WSAGetOverlappedResult
recv
WSAGetLastError
WSARecv
send
closesocket
WSAIoctl
WSACloseEvent
htons
setsockopt
bind
WSACreateEvent
WSAWaitForMultipleEvents
WSAStartup
inet_addr
WSASocketW
connect

dnsapi

DnsFree
DnsQuery_A

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertGetNameStringW
CryptQueryObject
CryptMsgClose

comctl32

ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

gdi32

GetTextExtentPoint32W
CreateSolidBrush
CreatePatternBrush
DeleteObject
SetBkMode
SetTextColor
RestoreDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
GetStockObject
CreatePen
GetObjectW
GetDeviceCaps
MoveToEx
CreateFontIndirectW
LineTo
StretchBlt
SetBkColor
GdiFlush
SelectClipRgn
CreatePenIndirect
CreateRectRgnIndirect
CombineRgn
ExtTextOutW
GetCharABCWidthsW
SetStretchBltMode
CreateRoundRectRgn
GetClipBox
RoundRect
ExtSelectClipRgn
TextOutW
CreateDIBSection
GetObjectA
SetWindowOrgEx
BitBlt
GetTextMetricsW
DeleteDC
SaveDC

comdlg32

GetOpenFileNameW

advapi32

RegCreateKeyExW
RegEnumValueW
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

gdiplus

GdipCreateBitmapFromScan0
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipGetPropertyItemSize
GdiplusShutdown
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipGraphicsClear
GdipDrawImage
GdipSetSmoothingMode
GdipGetFamily
GdipDeleteFontFamily
GdipAlloc
GdipDisposeImage
GdipDrawString
GdipCreateFromHDC
GdipSetCompositingQuality
GdipCreateLineBrushI
GdipSetInterpolationMode
GdipCloneImage
GdipCreateStringFormat
GdipSetPixelOffsetMode
GdipDeleteStringFormat
GdipCreateFontFromDC
GdiplusStartup
GdipLoadImageFromStream
GdipGetImageHeight
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetImageWidth

Exports

Exports

B03800A9

Sections

.text
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
compress32.dll
.dll windows:5 windows x86 arch:x86

090c20eca173b09606930e908ad6147d

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c4:8b:79:ae:27:4e:5d:52:f6:f3:e6:24:96:0e:3a:21:3a:e8:f0:53:cf:0a:44:94:65:cf:16:91:7b:7a:99:bd
Signer

Actual PE Digest

c4:8b:79:ae:27:4e:5d:52:f6:f3:e6:24:96:0e:3a:21:3a:e8:f0:53:cf:0a:44:94:65:cf:16:91:7b:7a:99:bd

Digest Algorithm

sha256

PE Digest Matches

true

5b:66:d0:3a:79:13:7b:eb:0d:40:b9:10:49:79:ff:1f:30:6e:7f:f0
Signer

Actual PE Digest

5b:66:d0:3a:79:13:7b:eb:0d:40:b9:10:49:79:ff:1f:30:6e:7f:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\po\trunk\libs\7z\project\CPP\7zip\Bundles\Alone7zDll\Release\compress32.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
GetProcessTimes
GetCurrentProcess
GetCommandLineW
SetFileApisToOEM
GetVersionExW
GetTickCount
GetConsoleMode
SetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
LocalFree
FormatMessageW
GetWindowsDirectoryW
GetSystemDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
DeviceIoControl
GetFileSize
SetFilePointer
ReadFile
LoadLibraryW
SetEndOfFile
GetFileInformationByHandle
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatus
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
WaitForMultipleObjects
LocalFileTimeToFileTime
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenEventW
SetProcessAffinityMask
IsProcessorFeaturePresent
QueryPerformanceCounter
VirtualAlloc
VirtualFree
lstrcatW
lstrlenW
InterlockedIncrement
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
DeleteFileW
Sleep
TerminateThread
VirtualProtect
DisableThreadLibraryCalls
CreateThread
CreatePipe
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLastError
CompareFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WriteFile
SetConsoleCtrlHandler
GetProcessHeap
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
GetFileType
GetCommandLineA
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
GetCurrentThread
HeapSize
ExitProcess
FatalAppExitA
HeapCreate
HeapDestroy
GetConsoleCP
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
InterlockedExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetTimeFormatA
SetEnvironmentVariableA

user32

CharUpperW
CharPrevExA

advapi32

GetFileSecurityW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SystemFunction036

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocStringLen
SysStringLen
SysAllocString

shlwapi

wnsprintfW

Sections

.text
Size: 746KB - Virtual size: 745KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
compress64.dll
.dll windows:5 windows x64 arch:x64

dd424e15339e28d81f474b2a153530a6

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:76:1f:5a:c0:0d:cb:3f:9f:f6:0c:90:56:e7:6e:23:b9:07:80:2e:7f:53:1e:3d:ee:86:f0:a3:28:d9:26:f7
Signer

Actual PE Digest

e4:76:1f:5a:c0:0d:cb:3f:9f:f6:0c:90:56:e7:6e:23:b9:07:80:2e:7f:53:1e:3d:ee:86:f0:a3:28:d9:26:f7

Digest Algorithm

sha256

PE Digest Matches

true

82:fc:3e:6a:77:01:46:4b:f0:9d:58:73:76:f5:61:6c:16:9d:ab:83
Signer

Actual PE Digest

82:fc:3e:6a:77:01:46:4b:f0:9d:58:73:76:f5:61:6c:16:9d:ab:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

R:\po\trunk\libs\7z\project\CPP\7zip\Bundles\Alone7zDll\Release\compress64.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
GetProcessTimes
GetCurrentProcess
GetCommandLineW
SetFileApisToOEM
GetTickCount
SetConsoleMode
GetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
LocalFree
FormatMessageW
GetWindowsDirectoryW
GetSystemDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
DeviceIoControl
GetFileSize
SetFilePointer
ReadFile
LoadLibraryW
SetEndOfFile
GetFileInformationByHandle
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatusEx
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
WaitForMultipleObjects
LocalFileTimeToFileTime
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenEventW
SetProcessAffinityMask
IsProcessorFeaturePresent
QueryPerformanceCounter
VirtualAlloc
VirtualFree
GetVersionExW
lstrcatW
lstrlenW
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
DeleteFileW
Sleep
TerminateThread
VirtualProtect
DisableThreadLibraryCalls
CreateThread
CreatePipe
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLastError
CompareFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WriteFile
SetConsoleCtrlHandler
GetProcessHeap
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeFormatA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
SetStdHandle
GetFileType
FlsSetValue
GetCommandLineA
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
FatalAppExitA
GetConsoleCP
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetDateFormatA
SetEnvironmentVariableA

user32

CharUpperW
CharPrevExA

advapi32

GetFileSecurityW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SystemFunction036

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocStringLen
SysStringLen
SysAllocString

shlwapi

wnsprintfW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cryptdt.dll
.dll windows:5 windows x86 arch:x86

9e1eee7b1fed8e2191ff082de776d2fa

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3c:68:9e:36:20:a7:75:91:66:05:c9:00:e7:a9:c9:a7:e3:e4:ef:c1:2f:e8:f2:a2:af:8d:b4:51:80:2b:60:13
Signer

Actual PE Digest

3c:68:9e:36:20:a7:75:91:66:05:c9:00:e7:a9:c9:a7:e3:e4:ef:c1:2f:e8:f2:a2:af:8d:b4:51:80:2b:60:13

Digest Algorithm

sha256

PE Digest Matches

true

b2:a4:ae:41:fc:25:3f:fa:84:79:5a:aa:b4:4a:e5:e8:38:b0:e7:19
Signer

Actual PE Digest

b2:a4:ae:41:fc:25:3f:fa:84:79:5a:aa:b4:4a:e5:e8:38:b0:e7:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\nfentry\Release\cryptdt.pdb

Imports

crypt32

CertEnumCertificatesInStore
CertAddEncodedCertificateToStore

kernel32

GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

CertAddCertificateContextToStore
CertAddEncodedCertificateToStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertOpenSystemStoreA
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
PFXExportCertStoreEx

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ctask32.dll
.dll windows:5 windows x86 arch:x86

f874ff58e45b6fd99e694b422c3632be

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:2b:12:2c:c8:4a:60:8c:4b:59:2d:9a:ae:13:19:d3:0c:f4:1d:d9:e8:60:84:c6:c3:7d:77:19:31:ca:76:ed
Signer

Actual PE Digest

9c:2b:12:2c:c8:4a:60:8c:4b:59:2d:9a:ae:13:19:d3:0c:f4:1d:d9:e8:60:84:c6:c3:7d:77:19:31:ca:76:ed

Digest Algorithm

sha256

PE Digest Matches

true

15:f2:83:34:67:77:f6:03:52:8e:f7:2c:cf:99:4f:32:ef:2d:0a:56
Signer

Actual PE Digest

15:f2:83:34:67:77:f6:03:52:8e:f7:2c:cf:99:4f:32:ef:2d:0a:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\ctask\Release\ctask32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpA
CloseHandle
GetLocalTime
EnterCriticalSection
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
lstrcpynA
lstrlenA
SetFilePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleFileNameW
lstrlenW
GetModuleHandleA
lstrcpyW
CreateThread
lstrcpyA
CreateFileA
VirtualQuery
SystemTimeToFileTime
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
WriteConsoleW

shlwapi

SHGetValueA
SHGetValueW
wnsprintfA
SHSetValueW
wvnsprintfA
PathFindFileNameW
wvnsprintfW
SHDeleteValueW
wnsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ctask64.dll
.dll windows:5 windows x64 arch:x64

127407e9351441ce742fa17e3dee0b28

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:99:18:56:38:f8:40:61:4b:62:73:9f:dc:07:f8:e1:46:ed:f0:3a:84:bd:5b:68:92:34:ff:2d:13:35:ec:93
Signer

Actual PE Digest

88:99:18:56:38:f8:40:61:4b:62:73:9f:dc:07:f8:e1:46:ed:f0:3a:84:bd:5b:68:92:34:ff:2d:13:35:ec:93

Digest Algorithm

sha256

PE Digest Matches

true

3e:86:0e:d1:ca:57:82:70:b5:f1:29:78:b5:c9:4a:0b:8b:a0:7d:ae
Signer

Actual PE Digest

3e:86:0e:d1:ca:57:82:70:b5:f1:29:78:b5:c9:4a:0b:8b:a0:7d:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\ctask\Release\ctask64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpA
CloseHandle
GetLocalTime
EnterCriticalSection
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
lstrcpynA
Module32NextW
lstrlenA
SetFilePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
GetLastError
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleFileNameW
lstrlenW
GetModuleHandleA
lstrcpyW
CreateThread
lstrcpyA
CreateFileA
VirtualQuery
SystemTimeToFileTime
Module32FirstW
CreateToolhelp32Snapshot
WriteConsoleW

shlwapi

PathFindFileNameW
SHGetValueA
SHGetValueW
wvnsprintfW
SHSetValueW
wvnsprintfA
wnsprintfA
SHDeleteValueW
wnsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deskmgr32.dll
.dll windows:5 windows x86 arch:x86

77839c6296c9888a14d1ee73bb2d5c53

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:28:83:ce:79:db:3b:57:65:9d:9a:3a:39:a4:f5:43:b4:65:e4:36:7c:94:b5:7f:73:64:08:1a:41:6e:45:47
Signer

Actual PE Digest

08:28:83:ce:79:db:3b:57:65:9d:9a:3a:39:a4:f5:43:b4:65:e4:36:7c:94:b5:7f:73:64:08:1a:41:6e:45:47

Digest Algorithm

sha256

PE Digest Matches

true

5e:70:48:7b:dc:34:71:e2:02:51:18:53:7d:70:77:6e:56:cd:56:72
Signer

Actual PE Digest

5e:70:48:7b:dc:34:71:e2:02:51:18:53:7d:70:77:6e:56:cd:56:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\deskmgr\Release\deskmgr32.pdb

Imports

gdiplus

GdipCloneBrush
GdipFree
GdipDeleteBrush
GdipCreateFontFromDC
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateLineBrushI
GdipCreateFontFamilyFromName
GdipTranslateWorldTransform
GdipDrawString
GdipDrawImagePointRect
GdipGetGenericFontFamilySansSerif
GdipRotateWorldTransform
GdipCreateFont
GdipDeleteFontFamily
GdipSetStringFormatAlign
GdipDeleteFont
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipMeasureString
GdipCreateFontFromLogfontA
GdipFillEllipseI
GdipCloneImage
GdipDisposeImage
GdipDrawImageI
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipFillRectangleI
GdipCreateFromHDC
GdipAlloc
GdipDrawImageRectI
GdipLoadImageFromFile
GdipSetPageUnit
GdipDrawImageRectRectI
GdipGetImageHeight
GdipDeleteGraphics
GdipGraphicsClear
GdipCreateTexture
GdiplusStartup

kernel32

InitializeCriticalSection
GetVersionExW
LeaveCriticalSection
TerminateProcess
GetProcAddress
EnterCriticalSection
ProcessIdToSessionId
CreateEventW
GetModuleHandleA
GetCurrentProcessId
CreateMutexW
TerminateThread
ReleaseMutex
GetComputerNameW
lstrlenA
DeleteFileW
GetTempPathW
GetExitCodeProcess
Sleep
GetTickCount
OutputDebugStringW
WaitForSingleObject
GetConsoleCP
SetEvent
DisableThreadLibraryCalls
SetFilePointer
lstrcmpA
lstrcpyA
lstrcpyW
LocalFree
Module32NextW
GetConsoleMode
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
Process32NextW
Module32FirstW
QueryDosDeviceW
Process32FirstW
FindClose
GetCurrentDirectoryW
lstrlenW
lstrcmpW
CreateThread
lstrcmpiW
lstrcmpiA
CloseHandle
GetLocalTime
SetLastError
GetWindowsDirectoryW
GetLastError
FlushFileBuffers
SetStdHandle
WriteConsoleA
CreateFileW
GetModuleFileNameW
ReadFile
FileTimeToSystemTime
GetFileAttributesW
lstrcpynW
LoadLibraryW
OpenProcess
GetProcessHeap
GetLogicalDrives
SystemTimeToFileTime
CreateProcessW
SetEndOfFile
VirtualQuery
FindFirstFileW
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetLocaleInfoA
GetLocaleInfoW
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
GetConsoleOutputCP
GetFileAttributesExW
GetCurrentThreadId
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
WriteConsoleW
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize

user32

WindowFromPoint
GetUserObjectInformationA
LockWorkStation
OpenInputDesktop
CloseDesktop
GetForegroundWindow
GetClassNameW
IsWindow
GetWindowThreadProcessId
ExitWindowsEx
GetLastInputInfo
ClientToScreen
DestroyWindow
UpdateLayeredWindow
SetTimer
GetTopWindow
PostMessageW
KillTimer
SetParent
GetClientRect
SetPropW
GetDC
GetWindowLongW
PeekMessageW
ReleaseDC
SetWindowLongW
SetWindowPos
ShowWindow
PostThreadMessageW
GetLayeredWindowAttributes
SetWindowTextW
GetPropW
GetWindow
DispatchMessageW
GetWindowRect
FindWindowW
GetSystemMetrics
MessageBoxW
GetMessageW
PostQuitMessage
IsIconic
LoadCursorW
EnumWindows
TranslateMessage
RegisterClassExW
LoadIconW
SystemParametersInfoW
CreateWindowExW
DispatchMessageA
IsWindowVisible
UpdateWindow
DefWindowProcW
FindWindowExW

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
GetObjectA

advapi32

ImpersonateLoggedOnUser
GetUserNameW
OpenProcessToken
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
FreeSid
RegEnumValueW
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegCreateKeyExW

ole32

CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoInitialize

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW
StrStrW
StrStrIW
PathIsDirectoryW
wvnsprintfW
SHGetValueA
PathRemoveFileSpecW
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfW
wnsprintfA
wvnsprintfA
StrCatW

wtsapi32

WTSRegisterSessionNotification
WTSQueryUserToken
WTSUnRegisterSessionNotification

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord165

Exports

Exports

ScreenWatermarkPreviewCloseDots
ScreenWatermarkPreviewClosePicture
ScreenWatermarkPreviewCloseQrcode
ScreenWatermarkPreviewCloseText
ScreenWatermarkPreviewDots
ScreenWatermarkPreviewPicture
ScreenWatermarkPreviewQrcode
ScreenWatermarkPreviewText
Test

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
doced32.dll
.dll windows:5 windows x86 arch:x86

4a050ab1095c2094d5b63bcf81874f85

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:49:92:cc:04:d3:ed:3e:34:db:dc:5a:05:da:8d:5c:ac:b4:cf:66:1e:b0:72:47:15:b3:75:44:89:fc:41:0f
Signer

Actual PE Digest

43:49:92:cc:04:d3:ed:3e:34:db:dc:5a:05:da:8d:5c:ac:b4:cf:66:1e:b0:72:47:15:b3:75:44:89:fc:41:0f

Digest Algorithm

sha256

PE Digest Matches

true

37:41:42:2d:63:5a:15:76:0f:5f:67:73:c3:b1:7e:88:b9:2f:bc:b9
Signer

Actual PE Digest

37:41:42:2d:63:5a:15:76:0f:5f:67:73:c3:b1:7e:88:b9:2f:bc:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\doced\Release\doced32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpA
CreateThread
CloseHandle
GetDiskFreeSpaceExW
lstrcmpiW
GetExitCodeThread
GetLocalTime
SetLastError
GetLastError
CreateFileW
GetModuleFileNameW
ReadFile
GetFileAttributesW
lstrcpynW
Sleep
GetSystemDirectoryW
GetLogicalDrives
WaitForSingleObject
OutputDebugStringW
GetWindowsDirectoryW
MoveFileExW
lstrcpyA
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDriveTypeW
SetFilePointer
GetFileSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
FindFirstFileW
VirtualQuery
lstrcpynA
SetEndOfFile
SetEvent
GetDriveTypeA
InitializeCriticalSection
OpenProcess
LoadLibraryW
lstrcmpW
lstrlenW
GetTempPathW
GetCurrentDirectoryW
FindClose
Process32FirstW
ProcessIdToSessionId
RemoveDirectoryW
DeviceIoControl
Module32FirstW
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
WriteConsoleW

user32

MessageBoxW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord165

shlwapi

PathFindExtensionW
wnsprintfW
PathIsDirectoryW
SHGetValueA
PathFindFileNameW
PathRemoveFileSpecW
StrChrW
wvnsprintfW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
PathMatchSpecW
PathAppendW
SHDeleteKeyW
PathFileExistsW
StrStrIW
PathAddBackslashW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

RegOpenKeyExW
OpenProcessToken
RegCreateKeyExW
CreateProcessAsUserW
RegOpenKeyW
GetUserNameW
RegSetValueExW
RegCloseKey
RegEnumValueW

ole32

CoCreateGuid

Exports

Exports

RunAsUser

Sections

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
doced64.dll
.dll windows:5 windows x64 arch:x64

63eaf3c107bfcd395e7b752648c4b154

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:da:5a:a7:a5:4d:ba:22:b4:85:24:7e:ad:f9:65:b0:77:47:bb:39:f7:ea:35:2f:b2:09:d3:1e:f0:03:c8:fb
Signer

Actual PE Digest

0f:da:5a:a7:a5:4d:ba:22:b4:85:24:7e:ad:f9:65:b0:77:47:bb:39:f7:ea:35:2f:b2:09:d3:1e:f0:03:c8:fb

Digest Algorithm

sha256

PE Digest Matches

true

5d:db:1c:dc:67:94:2a:38:11:75:21:6b:db:42:0c:0f:eb:e2:59:d2
Signer

Actual PE Digest

5d:db:1c:dc:67:94:2a:38:11:75:21:6b:db:42:0c:0f:eb:e2:59:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\doced\Release\doced64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpA
CreateThread
CloseHandle
GetDiskFreeSpaceExW
lstrcmpiW
GetExitCodeThread
GetLocalTime
SetLastError
GetLastError
CreateFileW
GetModuleFileNameW
ReadFile
GetFileAttributesW
lstrcpynW
Sleep
GetSystemDirectoryW
GetLogicalDrives
WaitForSingleObject
OutputDebugStringW
GetWindowsDirectoryW
MoveFileExW
lstrcpyA
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDriveTypeW
SetFilePointer
GetFileSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
FindFirstFileW
VirtualQuery
lstrcpynA
SetEndOfFile
SetEvent
GetDriveTypeA
InitializeCriticalSection
OpenProcess
LoadLibraryW
lstrcmpW
lstrlenW
GetTempPathW
GetCurrentDirectoryW
FindClose
Process32FirstW
ProcessIdToSessionId
RemoveDirectoryW
DeviceIoControl
Module32FirstW
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
WriteConsoleW

user32

MessageBoxW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ord165

shlwapi

wnsprintfW
wvnsprintfW
PathIsDirectoryW
SHGetValueA
PathFindFileNameW
PathRemoveFileSpecW
StrChrW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
PathMatchSpecW
PathAppendW
SHDeleteKeyW
PathFileExistsW
StrStrIW
PathAddBackslashW
PathFindExtensionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

RegEnumValueW
RegOpenKeyExW
OpenProcessToken
RegCreateKeyExW
CreateProcessAsUserW
RegOpenKeyW
GetUserNameW
RegSetValueExW
RegCloseKey

ole32

CoCreateGuid

Exports

Exports

RunAsUser

Sections

.text
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
docext.dll
.dll windows:5 windows x86 arch:x86

4e533604d563420622f1a0d6da11d6da

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:e5:a0:33:55:bf:16:a6:03:86:0d:2b:12:07:4c:ec:87:8b:86:17:cd:2e:c6:bd:b3:23:21:db:76:b9:56:f6
Signer

Actual PE Digest

4d:e5:a0:33:55:bf:16:a6:03:86:0d:2b:12:07:4c:ec:87:8b:86:17:cd:2e:c6:bd:b3:23:21:db:76:b9:56:f6

Digest Algorithm

sha256

PE Digest Matches

true

72:56:b7:e9:71:a2:7d:1f:df:bb:9b:e4:83:b0:51:05:28:81:c9:3e
Signer

Actual PE Digest

72:56:b7:e9:71:a2:7d:1f:df:bb:9b:e4:83:b0:51:05:28:81:c9:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\docscanner\Release\docext.pdb

Imports

kernel32

LocalFree
GetModuleFileNameA
GetFileAttributesW
GetCurrentThread
GetCommandLineW
LoadLibraryExA
LoadLibraryExW
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
DisableThreadLibraryCalls
GetModuleFileNameW
ExitProcess
GetCurrentProcessId
OutputDebugStringW
lstrcpyW
VirtualQuery
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
TerminateProcess
GetACP
MultiByteToWideChar
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryA
Module32FirstW
GetModuleHandleA
CreateToolhelp32Snapshot
OpenEventW
Module32NextW
CloseHandle
CreateFileA
SetFilePointer
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualAlloc
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle

shell32

CommandLineToArgvW

shlwapi

PathFindFileNameW
wnsprintfA
SHGetValueW
StrCatW
wvnsprintfW
wnsprintfW

Exports

Exports

T1124

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
docguard32.dll
.dll windows:5 windows x86 arch:x86

06761a50da774bb099353d354bbe643c

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ab:4f:bd:58:66:4c:6e:38:02:5c:33:ee:c6:8e:d2:e0:10:d9:d3:20:26:23:39:dc:7d:11:ef:3e:b3:8a:b0:7a
Signer

Actual PE Digest

ab:4f:bd:58:66:4c:6e:38:02:5c:33:ee:c6:8e:d2:e0:10:d9:d3:20:26:23:39:dc:7d:11:ef:3e:b3:8a:b0:7a

Digest Algorithm

sha256

PE Digest Matches

true

8f:86:25:3a:1b:88:9a:e3:f8:a5:5e:f5:ed:c4:60:74:54:e0:47:77
Signer

Actual PE Digest

8f:86:25:3a:1b:88:9a:e3:f8:a5:5e:f5:ed:c4:60:74:54:e0:47:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\poflt\Release\docguard32.pdb

Imports

kernel32

GetModuleFileNameA
GetLastError
CreateThread
lstrcpynW
Sleep
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetLocaleInfoA
GetLocaleInfoW
VirtualAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
lstrcpynA
DisableThreadLibraryCalls
lstrcmpiA
CreateFileA
lstrcmpA
FindFirstFileW
VirtualQuery
HeapAlloc
GetCurrentProcess
HeapFree
SetEvent
GetLogicalDrives
GetModuleHandleW
GetTickCount
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LoadLibraryW
CopyFileW
GetVersionExW
LeaveCriticalSection
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
lstrcmpW
MultiByteToWideChar
lstrlenW
GetFileSizeEx
SetLastError
GetProcAddress
EnterCriticalSection
FindClose
GetLocalTime
LoadLibraryA
Process32FirstW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
CloseHandle
DeleteFileW
GetCurrentProcessId
lstrcpyW
lstrcpyA
GetCurrentThreadId
GetSystemDirectoryW
MoveFileW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetStdHandle
HeapSize
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree

user32

GetWindowRect
GetDesktopWindow
IsWindow
MoveWindow
SetTimer
DialogBoxParamW
GetWindowTextA
MessageBoxA
GetDlgItem
EndDialog
SetWindowTextA

shlwapi

StrStrW
wnsprintfW
wvnsprintfW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathAppendW
StrNCatW
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathMatchSpecW
StrCatW
StrStrIA
StrStrIW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW

advapi32

OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
QueryServiceStatus
StartServiceW

ole32

CoCreateGuid

Exports

Exports

T1

Sections

.text
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
docguard64.dll
.dll windows:5 windows x64 arch:x64

084d0d2d1c9ccc835d6faa1274db0934

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:53:8f:1d:ea:75:17:e4:17:de:d0:cd:f6:6a:69:4d:13:27:1a:66:08:42:86:62:8a:73:74:2a:4c:6f:ba:d4
Signer

Actual PE Digest

19:53:8f:1d:ea:75:17:e4:17:de:d0:cd:f6:6a:69:4d:13:27:1a:66:08:42:86:62:8a:73:74:2a:4c:6f:ba:d4

Digest Algorithm

sha256

PE Digest Matches

true

8c:3c:e1:e9:a5:ec:fb:1e:6c:2d:a6:c5:b5:e8:5a:d7:39:fa:c8:b5
Signer

Actual PE Digest

8c:3c:e1:e9:a5:ec:fb:1e:6c:2d:a6:c5:b5:e8:5a:d7:39:fa:c8:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\poflt\Release\docguard64.pdb

Imports

kernel32

GetModuleFileNameA
GetLastError
CreateThread
lstrcpynW
Sleep
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapDestroy
HeapCreate
lstrcpynA
DisableThreadLibraryCalls
lstrcmpiA
CreateFileA
lstrcmpA
FindFirstFileW
VirtualQuery
HeapAlloc
GetCurrentProcess
HeapFree
SetEvent
GetLogicalDrives
GetModuleHandleW
GetTickCount
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
CopyFileW
GetVersionExW
LeaveCriticalSection
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
lstrcmpW
MultiByteToWideChar
lstrlenW
GetFileSizeEx
SetLastError
GetProcAddress
EnterCriticalSection
FindClose
GetLocalTime
LoadLibraryA
Process32FirstW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
CloseHandle
DeleteFileW
GetCurrentProcessId
lstrcpyW
lstrcpyA
GetCurrentThreadId
GetSystemDirectoryW
MoveFileW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
HeapSize
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation

user32

GetWindowRect
GetDesktopWindow
IsWindow
MoveWindow
SetTimer
DialogBoxParamW
GetWindowTextA
MessageBoxA
GetDlgItem
EndDialog
SetWindowTextA

shlwapi

wnsprintfW
wvnsprintfW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathAppendW
StrStrIA
StrStrW
StrNCatW
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathMatchSpecW
StrCatW
StrStrIW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW

advapi32

OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
QueryServiceStatus
StartServiceW

ole32

CoCreateGuid

Exports

Exports

T1

Sections

.text
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
docscanner32.dll
.dll windows:5 windows x86 arch:x86

a9ba57d3b2d8abf5ba6a7195fa0f2b6a

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:4c:bc:e2:6d:0c:07:40:13:46:7d:d1:09:78:23:95:ef:6e:0e:a9:3f:29:33:01:9a:b4:9e:21:af:e5:98:cc
Signer

Actual PE Digest

31:4c:bc:e2:6d:0c:07:40:13:46:7d:d1:09:78:23:95:ef:6e:0e:a9:3f:29:33:01:9a:b4:9e:21:af:e5:98:cc

Digest Algorithm

sha256

PE Digest Matches

true

8b:0c:91:ed:eb:23:cb:78:8d:65:16:7e:3a:1f:77:c7:e5:13:ba:5c
Signer

Actual PE Digest

8b:0c:91:ed:eb:23:cb:78:8d:65:16:7e:3a:1f:77:c7:e5:13:ba:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\docscanner\Release\docscanner32.pdb

Imports

kernel32

lstrcpyW
lstrlenA
GetVolumeInformationW
DebugBreak
TlsAlloc
lstrcpynW
TlsSetValue
TlsGetValue
DisableThreadLibraryCalls
lstrcmpA
DeleteCriticalSection
OpenEventW
SetEvent
DeleteFileW
FileTimeToLocalFileTime
GetFileTime
GetLocalTime
EnterCriticalSection
GetTempPathW
lstrlenW
ReadFile
FileTimeToSystemTime
TerminateProcess
LeaveCriticalSection
WriteFile
SystemTimeToFileTime
SetFilePointer
GetFileSize
Sleep
WaitForSingleObject
CreateThread
CreateIoCompletionPort
lstrcmpiW
CreateEventW
GetLastError
InitializeCriticalSection
ReadDirectoryChangesW
GetQueuedCompletionStatus
GetTickCount
CloseHandle
CreateFileMappingW
GetFileSizeEx
CreateFileW
MoveFileExW
GetWindowsDirectoryW
SetFileAttributesW
Module32NextW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
GetModuleHandleA
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
ProcessIdToSessionId
Process32FirstW
FindClose
GetCurrentDirectoryW
lstrcmpW
GetModuleFileNameW
GetFileAttributesW
GetLogicalDrives
GetDriveTypeW
UnmapViewOfFile
MapViewOfFile
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
HeapFree
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
HeapReAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringW
CompareStringW
LCMapStringA
GetStringTypeW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
TlsFree
SetLastError
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
GetProcessHeap
OpenProcess
OutputDebugStringW
lstrcatW
lstrcpyA
FindFirstFileW
VirtualQuery
lstrcpynA
CreateProcessW
GetDriveTypeA
LoadLibraryW

user32

MessageBoxW

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
CreateProcessAsUserW
RegEnumValueW
RegOpenKeyExW
GetUserNameW

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW

sqlcipher32

sqlite3_close_v2
sqlite3_errcode
sqlite3_open
sqlite3_exec

shlwapi

SHDeleteKeyW
PathIsDirectoryW
StrCmpIW
SHDeleteValueW
PathFindFileNameW
wnsprintfW
PathFileExistsW
PathFindExtensionW
StrStrIW
PathAppendW
StrStrIA
StrChrA
SHSetValueW
StrCmpNIW
PathAddBackslashW
wvnsprintfW
StrNCatW
StrCatW
wnsprintfA
wvnsprintfA
SHGetValueA
PathRemoveFileSpecW
StrChrW
SHGetValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

iphlpapi

GetExtendedTcpTable

ole32

CoTaskMemFree
CoCreateGuid

Exports

Exports

TestProc

Sections

.text
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
docscanner64.dll
.dll windows:5 windows x64 arch:x64

e3cfc1ac628f2e92deb180c35006e77e

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:8b:cf:4f:39:92:31:d3:23:0d:b0:b9:8c:dd:77:28:b5:27:a8:71:36:65:cc:04:79:6a:cf:94:3e:7d:00:4f
Signer

Actual PE Digest

0c:8b:cf:4f:39:92:31:d3:23:0d:b0:b9:8c:dd:77:28:b5:27:a8:71:36:65:cc:04:79:6a:cf:94:3e:7d:00:4f

Digest Algorithm

sha256

PE Digest Matches

true

5d:5e:75:8e:64:08:29:6d:fe:97:32:83:79:1e:5b:56:ec:87:1c:63
Signer

Actual PE Digest

5d:5e:75:8e:64:08:29:6d:fe:97:32:83:79:1e:5b:56:ec:87:1c:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\docscanner\Release\docscanner64.pdb

Imports

kernel32

lstrcpyW
lstrlenA
GetVolumeInformationW
DebugBreak
TlsAlloc
lstrcpynW
TlsSetValue
TlsGetValue
DisableThreadLibraryCalls
lstrcmpA
DeleteCriticalSection
OpenEventW
SetEvent
DeleteFileW
FileTimeToLocalFileTime
GetFileTime
GetLocalTime
EnterCriticalSection
GetTempPathW
lstrlenW
ReadFile
FileTimeToSystemTime
TerminateProcess
LeaveCriticalSection
WriteFile
SystemTimeToFileTime
SetFilePointer
GetFileSize
Sleep
WaitForSingleObject
CreateThread
CreateIoCompletionPort
lstrcmpiW
CreateEventW
GetLastError
InitializeCriticalSection
ReadDirectoryChangesW
GetQueuedCompletionStatus
GetTickCount
CloseHandle
CreateFileMappingW
GetFileSizeEx
CreateFileW
MoveFileExW
GetWindowsDirectoryW
SetFileAttributesW
Module32NextW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
GetModuleHandleA
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
ProcessIdToSessionId
Process32FirstW
FindClose
GetCurrentDirectoryW
lstrcmpW
GetModuleFileNameW
GetFileAttributesW
GetLogicalDrives
GetDriveTypeW
UnmapViewOfFile
MapViewOfFile
WideCharToMultiByte
MultiByteToWideChar
HeapFree
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
HeapReAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringW
CompareStringW
LCMapStringA
GetStringTypeW
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
GetProcessHeap
OpenProcess
OutputDebugStringW
lstrcatW
lstrcpyA
FindFirstFileW
VirtualQuery
lstrcpynA
CreateProcessW
GetDriveTypeA
LoadLibraryW

user32

MessageBoxW

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
CreateProcessAsUserW
RegEnumValueW
RegOpenKeyExW
GetUserNameW

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW

sqlcipher64

sqlite3_close_v2
sqlite3_errcode
sqlite3_open
sqlite3_exec

shlwapi

SHDeleteKeyW
PathIsDirectoryW
StrCmpIW
SHDeleteValueW
PathFindFileNameW
wnsprintfW
PathFileExistsW
PathFindExtensionW
StrStrIW
PathAppendW
StrStrIA
StrChrA
SHSetValueW
StrCmpNIW
PathAddBackslashW
wvnsprintfW
StrNCatW
StrCatW
wnsprintfA
wvnsprintfA
SHGetValueA
PathRemoveFileSpecW
StrChrW
SHGetValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

iphlpapi

GetExtendedTcpTable

ole32

CoTaskMemFree
CoCreateGuid

Exports

Exports

TestProc

Sections

.text
Size: 637KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
docwm32.dll
.dll windows:5 windows x86 arch:x86

d8acac33ec0766f7651e94bf011b10ed

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:cb:7a:69:39:83:c5:ae:0f:de:c0:a5:9b:bf:77:6c:3f:e9:a4:a5:65:35:21:d4:0f:9d:13:1e:0f:a9:73:0f
Signer

Actual PE Digest

7c:cb:7a:69:39:83:c5:ae:0f:de:c0:a5:9b:bf:77:6c:3f:e9:a4:a5:65:35:21:d4:0f:9d:13:1e:0f:a9:73:0f

Digest Algorithm

sha256

PE Digest Matches

true

e3:d8:75:9c:2b:37:46:ea:4a:34:ed:9b:e2:21:77:a4:31:15:16:8f
Signer

Actual PE Digest

e3:d8:75:9c:2b:37:46:ea:4a:34:ed:9b:e2:21:77:a4:31:15:16:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\docwm\Release\docwm32.pdb

Imports

kernel32

CreateEventW
EnterCriticalSection
GetLastError
LeaveCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
CreateThread
CloseHandle
RemoveDirectoryW
GetLocalTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
DisableThreadLibraryCalls
Sleep
lstrcmpA
CreateFileA
FindFirstFileW
VirtualQuery
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetLogicalDrives
GetModuleHandleW
GetTickCount
WriteFile
OpenProcess
WideCharToMultiByte
GetVersionExW
lstrcpynW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
lstrcmpW
MultiByteToWideChar
lstrlenW
GetCurrentDirectoryW
SetLastError
GetProcAddress
FindClose
LoadLibraryA
Process32FirstW
OpenThread
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
FileTimeToLocalFileTime
DeleteFileW
GetCurrentProcessId
LocalFree
lstrcpyW
SetFileAttributesW
lstrcpyA
GetCurrentThreadId
GetWindowsDirectoryW
SetFilePointer
InterlockedIncrement
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount

shlwapi

wnsprintfW
PathFileExistsW
StrStrIW
SHDeleteValueW
SHGetValueW
PathAppendW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathFindFileNameW
StrStrW
PathIsDirectoryW
wvnsprintfW

psapi

GetProcessImageFileNameW

user32

PostThreadMessageW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExW
RegCloseKey
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
RegCreateKeyExW

shell32

SHGetSpecialFolderLocation
ord165
SHGetPathFromIDListW

ole32

CoCreateGuid
CoTaskMemFree

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
filedp32.dll
.dll windows:5 windows x86 arch:x86

7b66958a450bc1db41096aa5d3672d3b

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:10:eb:2e:33:c6:44:87:a1:fd:75:2d:6a:c7:4f:bd:d8:2d:97:3a:58:ea:c3:03:39:d1:c5:6c:a9:f2:e1:23
Signer

Actual PE Digest

1a:10:eb:2e:33:c6:44:87:a1:fd:75:2d:6a:c7:4f:bd:d8:2d:97:3a:58:ea:c3:03:39:d1:c5:6c:a9:f2:e1:23

Digest Algorithm

sha256

PE Digest Matches

true

d9:0e:9f:b8:04:f0:53:44:86:91:9f:46:7e:6b:d2:90:7a:37:2c:41
Signer

Actual PE Digest

d9:0e:9f:b8:04:f0:53:44:86:91:9f:46:7e:6b:d2:90:7a:37:2c:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\filedp\Release\filedp32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpA
CreateThread
lstrcpyW
GetCurrentProcessId
DeleteFileW
CloseHandle
lstrcatW
lstrcmpiW
GetLocalTime
MoveFileW
lstrlenW
CreateFileW
GetModuleFileNameW
ReadFile
GetFileAttributesW
lstrcpynW
CopyFileW
Sleep
GetSystemDirectoryW
GetTickCount
OutputDebugStringW
lstrcpyA
MoveFileExW
SetFilePointer
GetFileSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
VirtualQuery
CreateProcessW
InitializeCriticalSection
OpenProcess
LoadLibraryW
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
WriteConsoleW

user32

wsprintfA

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderLocation
ord165
SHGetPathFromIDListW

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
SHGetValueW
wnsprintfW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
wvnsprintfW
PathFindExtensionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

OpenProcessToken
CreateProcessAsUserW

ole32

CoCreateGuid
CoTaskMemFree

Exports

Exports

RunAsUser

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
filedp64.dll
.dll windows:5 windows x64 arch:x64

95434acc44b7a1660cf8164d24086c3c

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ce:c4:05:64:b5:bf:75:d4:2d:d8:9b:85:54:b7:23:1f:60:b8:30:4d:4a:9b:36:f2:18:b8:c5:e5:1f:f4:46
Signer

Actual PE Digest

70:ce:c4:05:64:b5:bf:75:d4:2d:d8:9b:85:54:b7:23:1f:60:b8:30:4d:4a:9b:36:f2:18:b8:c5:e5:1f:f4:46

Digest Algorithm

sha256

PE Digest Matches

true

ee:73:c0:49:f3:ec:ae:01:8f:55:74:1e:79:e0:52:a5:99:7d:f5:b8
Signer

Actual PE Digest

ee:73:c0:49:f3:ec:ae:01:8f:55:74:1e:79:e0:52:a5:99:7d:f5:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\filedp\Release\filedp64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpA
CreateThread
lstrcpyW
GetCurrentProcessId
DeleteFileW
CloseHandle
lstrcatW
lstrcmpiW
GetLocalTime
MoveFileW
lstrlenW
CreateFileW
GetModuleFileNameW
ReadFile
GetFileAttributesW
lstrcpynW
CopyFileW
Sleep
GetSystemDirectoryW
GetTickCount
OutputDebugStringW
lstrcpyA
Module32NextW
MoveFileExW
SetFilePointer
GetFileSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
GetLastError
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
VirtualQuery
CreateProcessW
InitializeCriticalSection
OpenProcess
LoadLibraryW
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesExW
WriteConsoleW

user32

wsprintfA

shell32

SHCreateDirectoryExW
ShellExecuteW
ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation

shlwapi

wnsprintfW
PathRemoveFileSpecW
wvnsprintfW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathIsDirectoryW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

OpenProcessToken
CreateProcessAsUserW

ole32

CoTaskMemFree
CoCreateGuid

Exports

Exports

RunAsUser

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
frcinst32.dll
.dll windows:5 windows x86 arch:x86

559954bbc7aed057a830edd3ce3962db

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:5b:05:21:b0:1f:8f:a1:fd:1e:2a:e0:34:06:d6:ef
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

20/08/2025, 23:59

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,L=济南市,ST=山东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:b0:39:e1:0b:aa:75:26:37:e5:c5:1e:0b:30:8b:91:52:61:1a:ab:f9:e5:61:14:8c:28:39:eb:76:e9:39:d2
Signer

Actual PE Digest

ef:b0:39:e1:0b:aa:75:26:37:e5:c5:1e:0b:30:8b:91:52:61:1a:ab:f9:e5:61:14:8c:28:39:eb:76:e9:39:d2

Digest Algorithm

sha256

PE Digest Matches

true

89:1d:fe:52:29:74:4b:4a:5e:d9:2f:58:bc:f9:3d:a1:3c:72:be:35
Signer

Actual PE Digest

89:1d:fe:52:29:74:4b:4a:5e:d9:2f:58:bc:f9:3d:a1:3c:72:be:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\ferryclient\Release\frcinst32.pdb

Imports

kernel32

CloseHandle
DisableThreadLibraryCalls
SetLastError
GetLastError
GetTempPathW
CreateFileW
GetExitCodeProcess
Sleep
WriteFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
OutputDebugStringW
WaitForSingleObject
lstrcmpA
GetStringTypeW
CreateFileA
VirtualQuery
CreateProcessW
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
lstrcpynW
TerminateProcess
ReadFile
GetModuleFileNameW
GetACP
MultiByteToWideChar
lstrlenW
GetProcAddress
EnterCriticalSection
LoadLibraryA
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
GetCurrentProcessId
LocalFree
lstrcpyW
lstrcpyA
CreateThread
GetWindowsDirectoryW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetLocaleInfoA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetStringTypeA

shell32

SHGetSpecialFolderPathW

shlwapi

wnsprintfW
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathAppendW
PathFileExistsW
SHDeleteValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

advapi32

CreateProcessAsUserW
RegOpenKeyW
OpenProcessToken
RegCloseKey
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoCreateGuid

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gxdte32.dll
.dll windows:5 windows x86 arch:x86

331c4b81f055c6c65d423e4b26474350

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:eb:1e:60:d3:dc:b9:d0:c9:1f:06:85:af:4a:06:50:17:4f:d4:07:ff:1e:0b:31:d4:fa:dc:89:df:1c:23:3a
Signer

Actual PE Digest

b9:eb:1e:60:d3:dc:b9:d0:c9:1f:06:85:af:4a:06:50:17:4f:d4:07:ff:1e:0b:31:d4:fa:dc:89:df:1c:23:3a

Digest Algorithm

sha256

PE Digest Matches

true

8d:9d:75:12:91:9f:52:da:63:23:f5:58:5f:1c:43:a4:f4:cc:de:32
Signer

Actual PE Digest

8d:9d:75:12:91:9f:52:da:63:23:f5:58:5f:1c:43:a4:f4:cc:de:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\gxdte\Release\gxdte32.pdb

Imports

kernel32

FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
RemoveDirectoryW
DisableThreadLibraryCalls
lstrcmpiA
SetLastError
GetTempPathW
OutputDebugStringW
lstrcmpiW
GetLocalTime
Sleep
GetConsoleMode
CreateThread
CloseHandle
CreateEventW
GetFileSize
GetSystemDirectoryW
SetFilePointer
MoveFileW
MoveFileExW
GetWindowsDirectoryW
GetConsoleCP
lstrcmpA
SetFileAttributesW
EnterCriticalSection
GetLastError
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetModuleFileNameW
lstrlenW
GetModuleHandleA
lstrcpyW
lstrcpyA
CreateFileA
FindFirstFileW
lstrlenA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
lstrcpynA
SetEndOfFile
CreateProcessW
SystemTimeToFileTime
GetLogicalDrives
IsBadReadPtr
OpenProcess
LoadLibraryW
CopyFileW
GetVersionExW
GetFileAttributesW
FileTimeToSystemTime
ReadFile
CreateFileW
lstrcmpW
GetFileSizeEx
GetCurrentDirectoryW
FindClose
Process32FirstW
ProcessIdToSessionId
CreateFileMappingW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
FileTimeToLocalFileTime
DeleteFileW
LocalFree
WriteConsoleW

shlwapi

SHDeleteKeyA
SHDeleteValueW
PathFileExistsW
PathFindFileNameW
wnsprintfW
PathAppendW
PathMatchSpecW
StrStrIW
PathIsDirectoryW
wvnsprintfW
wvnsprintfA
PathFindExtensionW
SHGetValueA
StrStrW
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA

version

VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAStartup
sendto
socket

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CryptDecodeObjectEx
CertCloseStore
CertEnumCertificatesInStore

user32

MessageBoxW

advapi32

StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegOpenKeyExW
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
RegCreateKeyExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ord165

ole32

CoCreateGuid
CoTaskMemFree

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gxdte32.sys
.sys windows:6 windows x86 arch:x86

b54dda27f274df7fcff17a4f3f51d7cb

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:72:19:26:90:75:1f:7c:b2:ae:c6:a8:c8:f7:a6:64:17:37:e4:64
Signer

Actual PE Digest

b8:72:19:26:90:75:1f:7c:b2:ae:c6:a8:c8:f7:a6:64:17:37:e4:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\privates\gxdte\Release\i386\gxdte32.pdb

Imports

ntoskrnl.exe

_allrem
MmForceSectionClosed
CcPurgeCacheSection
MmFlushImageSection
PsTerminateSystemThread
KeSetEvent
KeWaitForSingleObject
ExfInterlockedRemoveHeadList
KeSetPriorityThread
PsCreateSystemThread
KeInitializeEvent
ExfInterlockedInsertTailList
IofCompleteRequest
ExAcquireResourceSharedLite
FsRtlInitializeOplock
FsRtlTeardownPerStreamContexts
_alldiv
PsRevertToSelf
SeImpersonateClient
IoFreeIrp
IofCallDriver
IoAllocateIrp
_allmul
PsDereferenceImpersonationToken
PsDereferencePrimaryToken
SeTokenType
IoQueueWorkItem
SeCreateClientSecurity
IoAllocateWorkItem
sprintf
RtlCopyUnicodeString
MmGetSystemRoutineAddress
ObOpenObjectByPointer
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
PsSetCreateProcessNotifyRoutine
ExInitializeNPagedLookasideList
ExReinitializeResourceLite
RtlCompareUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IoGetLowerDeviceObject
KeTickCount
KeBugCheckEx
RtlUnwind
KeDelayExecutionThread
ExSystemTimeToLocalTime
wcsncmp
RtlTimeToTimeFields
RtlUpcaseUnicodeChar
KeQuerySystemTime
MmMapLockedPagesSpecifyCache
IoDriverObjectType
PsGetVersion
ObReferenceObjectByName
InterlockedPushEntrySList
InterlockedPopEntrySList
_wcsicmp
wcsstr
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
ExInitializeResourceLite
CcCanIWrite
CcCopyWrite
ExRaiseStatus
CcInitializeCacheMap
CcSetReadAheadGranularity
CcCopyRead
CcFlushCache
MmCanFileBeTruncated
ExAllocatePoolWithTag
ExFreePoolWithTag
memset
memcpy
PsGetCurrentProcessId
memmove
RtlInitUnicodeString
ZwClose
ObfDereferenceObject
IoCheckShareAccess
IoUpdateShareAccess
IoSetShareAccess
ExIsResourceAcquiredExclusiveLite
KeGetCurrentThread
KeEnterCriticalRegion
KeLeaveCriticalRegion
DbgPrint
CcZeroData
CcSetFileSizes
CcUninitializeCacheMap
IoFreeWorkItem
IoRemoveShareAccess

hal

KeGetCurrentIrql
KeStallExecutionProcessor

fltmgr.sys

FltGetVolumeName
FltGetDeviceObject
FltSetInstanceContext
FltRegisterFilter
FltStartFiltering
FltUnregisterFilter
FltGetFileNameInformation
FltClearCallbackDataDirty
FltGetFileNameInformationUnsafe
FltCheckAndGrowNameControl
FltReleaseFileNameInformation
FltAllocateCallbackData
FltPerformSynchronousIo
FltFreeCallbackData
FltUninitializeOplock
FltUninitializeFileLock
FltInitializeFileLock
FltAcquireResourceShared
FltDecodeParameters
FltAcquireResourceExclusive
FltReleaseResource
FltIsOperationSynchronous
FltCheckLockForWriteAccess
FltSetSecurityObject
FltQuerySecurityObject
FltCheckLockForReadAccess
FltCheckOplock
FltProcessFileLock
FltOplockFsctrl
FltQueryEaFile
FltQueryVolumeInformation
FltQueryVolumeInformationFile
FltDeviceIoControlFile
FltGetVolumeProperties
FltGetRequestorProcessId
FltSetCallbackDataDirty
FltCreateFileEx
FltReadFile
FltClose
FltQueryInformationFile
FltWriteFile
FltSetInformationFile
FltGetInstanceContext
FltReleaseContext
FltAllocateContext

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gxdte64.dll
.dll windows:5 windows x64 arch:x64

dbda36dbd2ccb9cf8c43c3f43ce776c7

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:87:9f:4c:d8:10:e1:96:b7:ed:06:48:1a:d5:d7:3e:13:bf:37:6e:ce:d2:f6:2a:f6:7f:b0:69:7c:93:d4:1d
Signer

Actual PE Digest

ec:87:9f:4c:d8:10:e1:96:b7:ed:06:48:1a:d5:d7:3e:13:bf:37:6e:ce:d2:f6:2a:f6:7f:b0:69:7c:93:d4:1d

Digest Algorithm

sha256

PE Digest Matches

true

ae:0f:94:77:1a:e5:d5:18:a8:d6:23:44:ff:bb:4c:5c:c5:a6:87:58
Signer

Actual PE Digest

ae:0f:94:77:1a:e5:d5:18:a8:d6:23:44:ff:bb:4c:5c:c5:a6:87:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\gxdte\Release\gxdte64.pdb

Imports

kernel32

SetStdHandle
WriteConsoleA
GetConsoleOutputCP
RemoveDirectoryW
DisableThreadLibraryCalls
lstrcmpiA
SetLastError
GetTempPathW
OutputDebugStringW
lstrcmpiW
GetLocalTime
Sleep
lstrcmpA
FlushFileBuffers
CloseHandle
CreateEventW
GetFileSize
GetSystemDirectoryW
SetFilePointer
MoveFileW
MoveFileExW
GetWindowsDirectoryW
GetConsoleMode
CreateThread
GetConsoleCP
SetFileAttributesW
LocalFree
EnterCriticalSection
GetLastError
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetModuleFileNameW
lstrlenW
GetModuleHandleA
lstrcpyW
lstrcpyA
CreateFileA
FindFirstFileW
lstrlenA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
lstrcpynA
SetEndOfFile
CreateProcessW
SystemTimeToFileTime
GetLogicalDrives
IsBadReadPtr
OpenProcess
LoadLibraryW
CopyFileW
GetVersionExW
GetFileAttributesW
FileTimeToSystemTime
ReadFile
CreateFileW
lstrcmpW
GetFileSizeEx
GetCurrentDirectoryW
FindClose
Process32FirstW
ProcessIdToSessionId
CreateFileMappingW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
FileTimeToLocalFileTime
DeleteFileW
WriteConsoleW

shlwapi

SHDeleteKeyA
PathFileExistsW
PathFindFileNameW
wnsprintfW
PathAppendW
wnsprintfA
PathMatchSpecW
StrStrIW
PathIsDirectoryW
wvnsprintfW
wvnsprintfA
PathFindExtensionW
SHGetValueA
StrStrW
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
SHDeleteValueW

version

VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAStartup
sendto
socket

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CryptDecodeObjectEx
CertCloseStore
CertEnumCertificatesInStore

user32

MessageBoxW

advapi32

QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegOpenKeyExW
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
RegCreateKeyExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
RegSetValueExW
RegCloseKey
StartServiceW

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ord165
SHGetPathFromIDListW

ole32

CoCreateGuid
CoTaskMemFree

Sections

.text
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gxdte64.sys
.sys windows:6 windows x64 arch:x64

7ea2abee883b9e0444b435bc8107407d

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/01/2024, 20:09

Not After

10/01/2025, 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:d4:cd:24:9f:32:43:62:b4:be:19:31:de:28:39:1c:d4:ab:2e:de:09:8f:d5:dc:14:7b:c6:61:1a:51:19:4b
Signer

Actual PE Digest

4e:d4:cd:24:9f:32:43:62:b4:be:19:31:de:28:39:1c:d4:ab:2e:de:09:8f:d5:dc:14:7b:c6:61:1a:51:19:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\privates\gxdte\Release\amd64\gxdte64.pdb

Imports

ntoskrnl.exe

CcPurgeCacheSection
PsCreateSystemThread
ExInterlockedInsertTailList
PsTerminateSystemThread
KeWaitForSingleObject
ExInterlockedRemoveHeadList
MmForceSectionClosed
IofCompleteRequest
FsRtlTeardownPerStreamContexts
ExAcquireResourceSharedLite
FsRtlInitializeOplock
IoFreeWorkItem
SeCreateClientSecurity
SeImpersonateClient
IoAllocateWorkItem
PsRevertToSelf
PsDereferenceImpersonationToken
KeInitializeEvent
PsDereferencePrimaryToken
SeTokenType
sprintf
RtlCopyUnicodeString
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
ObOpenObjectByPointer
ExInitializeNPagedLookasideList
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
ExReinitializeResourceLite
IoGetLowerDeviceObject
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlCompareUnicodeString
KeBugCheckEx
KeSetEvent
MmFlushImageSection
KeSetPriorityThread
RtlUpcaseUnicodeChar
wcsncmp
PsGetVersion
RtlTimeToTimeFields
ExSystemTimeToLocalTime
MmMapLockedPagesSpecifyCache
KeDelayExecutionThread
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeResourceLite
ExDeleteResourceLite
ExReleaseResourceLite
wcsstr
ExAcquireResourceExclusiveLite
_wcsicmp
CcCanIWrite
CcCopyWrite
CcInitializeCacheMap
CcSetReadAheadGranularity
CcCopyRead
ExRaiseStatus
CcFlushCache
MmCanFileBeTruncated
ExFreePoolWithTag
ExAllocatePoolWithTag
IoSetShareAccess
ObfDereferenceObject
PsGetCurrentProcessId
IoCheckShareAccess
ZwClose
RtlInitUnicodeString
IoUpdateShareAccess
ExIsResourceAcquiredExclusiveLite
CcZeroData
DbgPrint
KeEnterCriticalRegion
IoRemoveShareAccess
CcUninitializeCacheMap
KeLeaveCriticalRegion
IoQueueWorkItem
CcSetFileSizes
__C_specific_handler

hal

KeStallExecutionProcessor

fltmgr.sys

FltAllocateContext
FltSetInstanceContext
FltGetDeviceObject
FltStartFiltering
FltReleaseFileNameInformation
FltRegisterFilter
FltUnregisterFilter
FltGetFileNameInformation
FltGetFileNameInformationUnsafe
FltCheckAndGrowNameControl
FltClearCallbackDataDirty
FltAllocateCallbackData
FltPerformSynchronousIo
FltFreeCallbackData
FltUninitializeFileLock
FltUninitializeOplock
FltInitializeFileLock
FltAcquireResourceShared
FltDecodeParameters
FltAcquireResourceExclusive
FltReleaseResource
FltIsOperationSynchronous
FltCheckLockForWriteAccess
FltQuerySecurityObject
FltSetSecurityObject
FltCheckLockForReadAccess
FltCheckOplock
FltProcessFileLock
FltOplockFsctrl
FltQueryEaFile
FltQueryVolumeInformation
FltQueryVolumeInformationFile
FltDeviceIoControlFile
FltClose
FltCreateFileEx
FltGetVolumeProperties
FltReadFile
FltSetCallbackDataDirty
FltGetRequestorProcessId
FltQueryInformationFile
FltSetInformationFile
FltWriteFile
FltReleaseContext
FltGetInstanceContext
FltGetVolumeName

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gxdte64_win7.sys
.sys windows:6 windows x64 arch:x64

7ea2abee883b9e0444b435bc8107407d

Code Sign

01
Certificate

Issuer

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

Not Before

01/01/1995, 08:00

Not After

31/12/1999, 23:59

Subject

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b7:98:6c:0f:40:2f:0a:1d:ea:20:59:a1:87:3e:ec:67:9e:97:0d:53
Signer

Actual PE Digest

b7:98:6c:0f:40:2f:0a:1d:ea:20:59:a1:87:3e:ec:67:9e:97:0d:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\privates\gxdte\Release\amd64\gxdte64.pdb

Imports

ntoskrnl.exe

CcPurgeCacheSection
PsCreateSystemThread
ExInterlockedInsertTailList
PsTerminateSystemThread
KeWaitForSingleObject
ExInterlockedRemoveHeadList
MmForceSectionClosed
IofCompleteRequest
FsRtlTeardownPerStreamContexts
ExAcquireResourceSharedLite
FsRtlInitializeOplock
IoFreeWorkItem
SeCreateClientSecurity
SeImpersonateClient
IoAllocateWorkItem
PsRevertToSelf
PsDereferenceImpersonationToken
KeInitializeEvent
PsDereferencePrimaryToken
SeTokenType
sprintf
RtlCopyUnicodeString
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
ObOpenObjectByPointer
ExInitializeNPagedLookasideList
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
ExReinitializeResourceLite
IoGetLowerDeviceObject
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlCompareUnicodeString
KeBugCheckEx
KeSetEvent
MmFlushImageSection
KeSetPriorityThread
RtlUpcaseUnicodeChar
wcsncmp
PsGetVersion
RtlTimeToTimeFields
ExSystemTimeToLocalTime
MmMapLockedPagesSpecifyCache
KeDelayExecutionThread
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeResourceLite
ExDeleteResourceLite
ExReleaseResourceLite
wcsstr
ExAcquireResourceExclusiveLite
_wcsicmp
CcCanIWrite
CcCopyWrite
CcInitializeCacheMap
CcSetReadAheadGranularity
CcCopyRead
ExRaiseStatus
CcFlushCache
MmCanFileBeTruncated
ExFreePoolWithTag
ExAllocatePoolWithTag
IoSetShareAccess
ObfDereferenceObject
PsGetCurrentProcessId
IoCheckShareAccess
ZwClose
RtlInitUnicodeString
IoUpdateShareAccess
ExIsResourceAcquiredExclusiveLite
CcZeroData
DbgPrint
KeEnterCriticalRegion
IoRemoveShareAccess
CcUninitializeCacheMap
KeLeaveCriticalRegion
IoQueueWorkItem
CcSetFileSizes
__C_specific_handler

hal

KeStallExecutionProcessor

fltmgr.sys

FltAllocateContext
FltSetInstanceContext
FltGetDeviceObject
FltStartFiltering
FltReleaseFileNameInformation
FltRegisterFilter
FltUnregisterFilter
FltGetFileNameInformation
FltGetFileNameInformationUnsafe
FltCheckAndGrowNameControl
FltClearCallbackDataDirty
FltAllocateCallbackData
FltPerformSynchronousIo
FltFreeCallbackData
FltUninitializeFileLock
FltUninitializeOplock
FltInitializeFileLock
FltAcquireResourceShared
FltDecodeParameters
FltAcquireResourceExclusive
FltReleaseResource
FltIsOperationSynchronous
FltCheckLockForWriteAccess
FltQuerySecurityObject
FltSetSecurityObject
FltCheckLockForReadAccess
FltCheckOplock
FltProcessFileLock
FltOplockFsctrl
FltQueryEaFile
FltQueryVolumeInformation
FltQueryVolumeInformationFile
FltDeviceIoControlFile
FltClose
FltCreateFileEx
FltGetVolumeProperties
FltReadFile
FltSetCallbackDataDirty
FltGetRequestorProcessId
FltQueryInformationFile
FltSetInformationFile
FltWriteFile
FltReleaseContext
FltGetInstanceContext
FltGetVolumeName

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gxonecli.exe
.exe windows:5 windows x86 arch:x86

f24c357bd3105c66366e1a07e440dbef

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:7e:de:92:1c:68:96:24:e4:8c:3a:8c:52:9c:5c:5c:d5:aa:12:4f:cb:48:5f:f5:c2:2e:45:49:70:41:96:d6
Signer

Actual PE Digest

12:7e:de:92:1c:68:96:24:e4:8c:3a:8c:52:9c:5c:5c:d5:aa:12:4f:cb:48:5f:f5:c2:2e:45:49:70:41:96:d6

Digest Algorithm

sha256

PE Digest Matches

true

22:6f:d6:22:c9:bc:5f:f2:97:8a:dd:1e:b0:37:91:5e:4a:83:c5:c2
Signer

Actual PE Digest

22:6f:d6:22:c9:bc:5f:f2:97:8a:dd:1e:b0:37:91:5e:4a:83:c5:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\gxonecli\Release\gxonecli.pdb

Imports

kernel32

LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateThread
CreateEventW
WaitForSingleObject
GetDiskFreeSpaceExW
lstrlenW
lstrcpynW
GetLogicalDrives
GetDriveTypeW
CloseHandle
lstrcmpiA
GetWindowsDirectoryW
lstrcpyA
SetFileAttributesW
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
GetModuleHandleA
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
GetModuleFileNameW
GetModuleHandleW
OutputDebugStringW
Process32FirstW
FindClose
ExitProcess
lstrcpyW
DeleteFileW
GetVersionExW
LocalFree
GetCommandLineW
lstrcmpiW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
Sleep
GetProcAddress
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetFileSize
ReadFile
CreateFileW
LoadLibraryW
GetCurrentDirectoryW
FreeResource
FindResourceW
LoadResource
SizeofResource
LockResource
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
MulDiv
GetLocalTime
GlobalLock
GlobalAlloc
GlobalUnlock
CreateFileA
lstrcmpA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
GlobalSize
SetEvent
GetDriveTypeA
InitializeCriticalSection
OpenProcess
CopyFileW
GetFileAttributesW
lstrcmpW
GlobalFree
WriteConsoleW

user32

ReleaseDC
InvalidateRect
IntersectRect
GetDC
GetUpdateRect
PtInRect
BeginPaint
TrackMouseEvent
GetFocus
GetKeyState
KillTimer
SetCapture
EndPaint
MoveWindow
SetWindowTextW
GetCaretBlinkTime
GetCaretPos
GetWindowTextW
GetWindowTextLengthW
SetRect
CharPrevW
DrawTextW
FillRect
SetCaretPos
CreateCaret
GetSysColor
ShowCaret
HideCaret
ClientToScreen
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
SetClipboardData
OpenClipboard
GetDesktopWindow
EndDialog
EmptyClipboard
CloseClipboard
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
DialogBoxIndirectParamW
GetActiveWindow
ReleaseCapture
MapWindowPoints
IsRectEmpty
SetCursor
wvsprintfW
OffsetRect
UnionRect
GetWindowRect
IsIconic
LoadImageW
SetFocus
GetClassInfoExW
wsprintfW
SetPropW
MonitorFromWindow
RegisterClassW
GetMonitorInfoW
CallWindowProcW
GetWindow
CharNextW
IsWindowVisible
MessageBoxW
IsWindow
ShowWindow
GetCursorPos
EnableWindow
GetClientRect
GetParent
ScreenToClient
GetPropW
SetTimer
DestroyIcon
GetIconInfo
SetWindowPos
PostMessageW
GetForegroundWindow
FindWindowW
SetForegroundWindow
DispatchMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
SetWindowLongW
SetClassLongW
GetWindowLongW
CreateDialogIndirectParamW
LoadIconW
RegisterClassExW
GetSystemMetrics
DestroyWindow
GetMessageW
PostQuitMessage
LoadCursorW
TranslateMessage
IsDialogMessageW
SendMessageW

gdi32

CreateCompatibleBitmap
Rectangle
SaveDC
CreatePen
GetStockObject
GetObjectW
DeleteObject
RestoreDC
CreateCompatibleDC
SelectObject
CreateFontIndirectW
DeleteDC
GetTextMetricsW
BitBlt
SetWindowOrgEx
CreateDIBSection
CreateSolidBrush
GetDeviceCaps
MoveToEx
GetTextExtentPoint32W
LineTo
StretchBlt
SetBkColor
GdiFlush
SelectClipRgn
CreatePenIndirect
CreateRectRgnIndirect
CombineRgn
CreatePatternBrush
SetBkMode
SetTextColor
GetObjectA
TextOutW
ExtSelectClipRgn
RoundRect
ExtTextOutW
GetCharABCWidthsW
SetStretchBltMode
CreateRoundRectRgn
GetClipBox

shell32

ShellExecuteA
ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHOpenFolderAndSelectItems
SHAppBarMessage
SHGetDesktopFolder
CommandLineToArgvW
ord727
SHGetFileInfoW
ShellExecuteW

ole32

GetHGlobalFromStream
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleLockRunning
CoCreateInstance
CoInitialize

gdiplus

GdipSetSmoothingMode
GdipFree
GdipGetImageHeight
GdipCreateBitmapFromHICON
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSetPageUnit
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdiplusShutdown
GdipDeleteBrush
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipGraphicsClear
GdipDrawImage
GdipImageGetFrameCount
GdipGetFamily
GdipDeleteFontFamily
GdipDrawString
GdipCreateFromHDC
GdipSetCompositingQuality
GdipCreateLineBrushI
GdipSetInterpolationMode
GdipCreateStringFormat
GdipSetPixelOffsetMode
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipLoadImageFromStream
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFile

comctl32

ord17

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext

shlwapi

PathFindFileNameW
PathFileExistsW
SHDeleteValueW
PathIsDirectoryW
PathAppendW
SHCreateStreamOnFileW
PathFileExistsA
StrCatBuffW
wnsprintfW
wvnsprintfW
PathFindExtensionW
SHGetValueA
PathRemoveFileSpecW
StrStrIW
StrChrW
SHGetValueW
SHDeleteKeyW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
StrCmpNIA
wvnsprintfA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAStartup

psapi

GetProcessImageFileNameW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertGetNameStringW
CryptQueryObject
CryptMsgClose

comdlg32

GetOpenFileNameW

advapi32

SetEntriesInAclW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
AllocateAndInitializeSid
RegEnumValueW
FreeSid
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hecate32.dll
.dll windows:5 windows x86 arch:x86

d4811082a1a344f30b3f6df3d11a0c2a

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ea:b4:ad:19:fa:30:a0:92:95:7f:c1:14:c5:36:e0:88:c4:4a:78:47:f2:11:d3:c2:bf:4b:84:51:a7:00:b7
Signer

Actual PE Digest

42:ea:b4:ad:19:fa:30:a0:92:95:7f:c1:14:c5:36:e0:88:c4:4a:78:47:f2:11:d3:c2:bf:4b:84:51:a7:00:b7

Digest Algorithm

sha256

PE Digest Matches

true

d5:55:b0:30:11:09:e1:9d:f2:83:71:ce:19:4f:31:21:9b:be:24:ad
Signer

Actual PE Digest

d5:55:b0:30:11:09:e1:9d:f2:83:71:ce:19:4f:31:21:9b:be:24:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\hecate\Release\hecate32.pdb

Imports

kernel32

CreateThread
OutputDebugStringA
GetModuleHandleA
GetLocalTime
GetProcAddress
FileTimeToSystemTime
lstrcpynW
LoadLibraryW
IsBadReadPtr
OutputDebugStringW
SystemTimeToFileTime
IsBadStringPtrW
CloseHandle
lstrcmpiW
DisableThreadLibraryCalls
MoveFileW
SetLastError
GetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameW
Sleep
lstrcmpA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
lstrlenA
VirtualQuery
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
SetEvent
GetModuleHandleW
GetTickCount
WriteFile
TerminateProcess
ReadFile
GetACP
lstrlenW
LoadLibraryA
Process32FirstW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenEventW
Module32NextW
GetCurrentProcessId
lstrcpyW
lstrcpyA
GetCurrentThreadId
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
ExitProcess
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
LCMapStringW
CompareStringW
LCMapStringA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
FreeLibrary
InitializeCriticalSectionAndSpinCount
LocalAlloc

user32

SetTimer
KillTimer
CallNextHookEx
FindWindowW
IsWindow
SetWindowsHookExW
UnhookWindowsHookEx
SendMessageW
GetWindowThreadProcessId

shlwapi

PathFileExistsW
wvnsprintfW
wnsprintfW
SHGetValueW
PathAppendW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
PathFindFileNameW

advapi32

RegOpenKeyW
GetUserNameW
RegCloseKey

ole32

CoCreateGuid

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hermes32.dll
.dll windows:5 windows x86 arch:x86

71aed7fc193c1355383d32621dca49c4

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:33:07:55:4b:65:71:7d:cb:98:bb:3e:57:54:db:d2:f7:be:fc:8c:57:b4:13:ce:13:14:ee:3a:d1:40:35:74
Signer

Actual PE Digest

12:33:07:55:4b:65:71:7d:cb:98:bb:3e:57:54:db:d2:f7:be:fc:8c:57:b4:13:ce:13:14:ee:3a:d1:40:35:74

Digest Algorithm

sha256

PE Digest Matches

true

78:b5:91:57:ee:80:b3:5c:c2:be:f4:8e:15:10:2e:48:72:e7:5e:5f
Signer

Actual PE Digest

78:b5:91:57:ee:80:b3:5c:c2:be:f4:8e:15:10:2e:48:72:e7:5e:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\hermes\Release\hermes32.pdb

Imports

kernel32

LocalAlloc
CreateThread
OutputDebugStringA
GetProcAddress
lstrlenW
lstrcpynW
LoadLibraryW
InitializeCriticalSection
IsBadReadPtr
GetModuleHandleW
OutputDebugStringW
CloseHandle
lstrcmpiW
DisableThreadLibraryCalls
MoveFileW
SetLastError
GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
FreeLibrary
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameW
Sleep
lstrcmpA
CreateFileA
VirtualQuery
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
SetEvent
GetTickCount
WriteFile
WideCharToMultiByte
LeaveCriticalSection
TerminateProcess
ReadFile
GetACP
MultiByteToWideChar
EnterCriticalSection
GetLocalTime
LoadLibraryA
Process32FirstW
Module32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
OpenEventW
Module32NextW
GetCurrentProcessId
lstrcpyW
lstrcpyA
GetCurrentThreadId
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
VirtualAlloc

user32

GetWindowRect
CallNextHookEx
EnumWindows
GetWindowTextW
GetClassNameW
IsWindow
SetWindowsHookExW
UnhookWindowsHookEx
SendMessageW
GetWindowThreadProcessId

shlwapi

PathFindFileNameW
StrStrIW
wvnsprintfW
SHGetValueW
PathAppendW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
wnsprintfW
PathFileExistsW

advapi32

GetUserNameW

ole32

CoCreateGuid

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
imagent32.dll
.dll windows:5 windows x86 arch:x86

a3959ab95f75534d5898095abca19045

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ad:36:ad:b2:0f:05:69:80:1b:8f:41:db:d5:1f:fd:5c:ae:c4:37:81:40:ba:0c:fc:aa:40:62:f4:3f:31:3c:ad
Signer

Actual PE Digest

ad:36:ad:b2:0f:05:69:80:1b:8f:41:db:d5:1f:fd:5c:ae:c4:37:81:40:ba:0c:fc:aa:40:62:f4:3f:31:3c:ad

Digest Algorithm

sha256

PE Digest Matches

true

48:ee:d2:8e:cb:2b:82:f4:e1:67:c2:d4:ad:87:60:ca:4b:56:a3:05
Signer

Actual PE Digest

48:ee:d2:8e:cb:2b:82:f4:e1:67:c2:d4:ad:87:60:ca:4b:56:a3:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\Release\imagent32.pdb

Imports

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CloseHandle
DisableThreadLibraryCalls
lstrcmpA
GetModuleFileNameW
GetProcAddress
lstrcmpiW
GetModuleHandleA
lstrcpyW
lstrcpyA
VirtualQuery
HeapAlloc
GetCurrentProcess
HeapFree
GetLogicalDrives
GetModuleHandleW
GetTickCount
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
lstrcpynW
TerminateProcess
ReadFile
GetACP
MultiByteToWideChar
lstrlenW
GetLastError
SetLastError
EnterCriticalSection
LoadLibraryA
Process32FirstW
ProcessIdToSessionId
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
Module32NextW
GetCurrentProcessId
CreateFileA
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

shlwapi

wnsprintfA
wvnsprintfA
wnsprintfW
StrStrIW
SHGetValueW
PathAppendW
StrCmpNIW
SHSetValueW
StrChrA
StrStrW
PathFindFileNameW
wvnsprintfW
PathFileExistsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

advapi32

OpenProcessToken
CreateProcessAsUserW

ole32

CoCreateGuid

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
imagent64.dll
.dll windows:5 windows x64 arch:x64

2d51c5725da49b503f06a15ab7aefb16

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bb:2e:d5:0a:c5:15:9a:50:a0:53:a4:37:b1:23:89:ed:78:23:a8:76:b0:b9:e1:72:7b:ee:ea:cc:12:22:48:21
Signer

Actual PE Digest

bb:2e:d5:0a:c5:15:9a:50:a0:53:a4:37:b1:23:89:ed:78:23:a8:76:b0:b9:e1:72:7b:ee:ea:cc:12:22:48:21

Digest Algorithm

sha256

PE Digest Matches

true

0a:13:09:2a:0c:ce:fb:54:26:49:19:d9:4d:05:a2:2d:95:a3:57:2e
Signer

Actual PE Digest

0a:13:09:2a:0c:ce:fb:54:26:49:19:d9:4d:05:a2:2d:95:a3:57:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\Release\imagent64.pdb

Imports

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CloseHandle
DisableThreadLibraryCalls
lstrcmpA
GetModuleFileNameW
GetProcAddress
lstrcmpiW
GetModuleHandleA
lstrcpyW
lstrcpyA
VirtualQuery
HeapAlloc
GetCurrentProcess
HeapFree
GetLogicalDrives
GetModuleHandleW
GetTickCount
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
lstrcpynW
TerminateProcess
ReadFile
GetACP
MultiByteToWideChar
lstrlenW
GetLastError
SetLastError
EnterCriticalSection
LoadLibraryA
Process32FirstW
ProcessIdToSessionId
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
Module32NextW
GetCurrentProcessId
CreateFileA
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

shlwapi

StrStrW
wnsprintfW
StrStrIW
SHGetValueW
PathAppendW
StrCmpNIW
SHSetValueW
StrChrA
wvnsprintfA
wnsprintfA
PathFindFileNameW
wvnsprintfW
PathFileExistsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

advapi32

OpenProcessToken
CreateProcessAsUserW

ole32

CoCreateGuid

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
intcap32.dll
.dll windows:5 windows x86 arch:x86

8b0214dfc7011046a466c19c48e14255

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:55:5c:f9:0e:1a:fd:1e:51:a3:6e:0b:58:31:ac:0b:67:2b:23:9b:2a:a8:fc:0d:fa:a6:f9:b9:a9:3e:27:ec
Signer

Actual PE Digest

ac:55:5c:f9:0e:1a:fd:1e:51:a3:6e:0b:58:31:ac:0b:67:2b:23:9b:2a:a8:fc:0d:fa:a6:f9:b9:a9:3e:27:ec

Digest Algorithm

sha256

PE Digest Matches

true

08:9d:23:c0:13:78:dc:00:6d:90:ae:77:88:cc:c2:03:8c:56:5d:55
Signer

Actual PE Digest

08:9d:23:c0:13:78:dc:00:6d:90:ae:77:88:cc:c2:03:8c:56:5d:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\intcap\Release\intcap32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
lstrcmpA
SetLastError
GetLastError
GetTempPathW
OutputDebugStringW
CreateThread
GetCurrentThreadId
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
lstrlenA
CloseHandle
CreateEventW
lstrcpynW
SetFilePointer
GetWindowsDirectoryW
LocalFree
DeleteFileW
Sleep
SetEvent
WaitForSingleObject
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleFileNameW
lstrlenW
lstrcmpiW
GetModuleHandleA
lstrcpyW
lstrcpyA
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetLogicalDrives
InitializeCriticalSection
OpenProcess
GetFileAttributesW
ReadFile
CreateFileW
GetLocalTime
Process32FirstW
ProcessIdToSessionId
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
WriteConsoleW

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
OpenProcessToken
CreateProcessAsUserW
InitializeSecurityDescriptor
GetUserNameW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
SetFileSecurityW

shlwapi

wnsprintfW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrIW
SHGetValueW
wnsprintfA
StrCmpNIW
SHSetValueW
StrChrA
StrStrW
PathIsDirectoryW
wvnsprintfA
PathFindFileNameW
wvnsprintfW
PathRemoveFileSpecW

ws2_32

WSAGetOverlappedResult
socket
bind
WSACreateEvent
WSARecvFrom
closesocket
recvfrom
inet_ntoa
WSACloseEvent
WSAWaitForMultipleEvents
htons
sendto

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

shell32

ord165

ole32

CoCreateGuid

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
intcap64.dll
.dll windows:5 windows x64 arch:x64

c39cdb94f494991e7be23eef9065f6be

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:7b:9e:f3:35:e4:77:56:ac:4a:4b:a2:3c:fd:50:b3:65:0a:d0:33:c6:0f:97:7f:72:ce:68:ac:12:98:f1:c3
Signer

Actual PE Digest

38:7b:9e:f3:35:e4:77:56:ac:4a:4b:a2:3c:fd:50:b3:65:0a:d0:33:c6:0f:97:7f:72:ce:68:ac:12:98:f1:c3

Digest Algorithm

sha256

PE Digest Matches

true

2e:a3:2c:26:aa:7c:85:a0:4f:98:83:b6:26:c0:10:3c:1c:d2:5a:b9
Signer

Actual PE Digest

2e:a3:2c:26:aa:7c:85:a0:4f:98:83:b6:26:c0:10:3c:1c:d2:5a:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\intcap\Release\intcap64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
lstrcmpA
SetLastError
GetLastError
GetTempPathW
OutputDebugStringW
CreateThread
GetCurrentThreadId
lstrlenA
CloseHandle
CreateEventW
lstrcpynW
SetFilePointer
GetWindowsDirectoryW
LocalFree
DeleteFileW
Sleep
SetEvent
WaitForSingleObject
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleFileNameW
lstrlenW
lstrcmpiW
GetModuleHandleA
lstrcpyW
lstrcpyA
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetLogicalDrives
InitializeCriticalSection
OpenProcess
GetFileAttributesW
ReadFile
CreateFileW
GetLocalTime
Process32FirstW
ProcessIdToSessionId
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
WriteConsoleW

advapi32

SetFileSecurityW
AllocateAndInitializeSid
OpenProcessToken
GetUserNameW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
FreeSid
RegEnumValueW
SetEntriesInAclW

shlwapi

wnsprintfW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrIW
SHGetValueW
wnsprintfA
StrCmpNIW
SHSetValueW
StrChrA
StrStrW
PathIsDirectoryW
wvnsprintfA
PathFindFileNameW
wvnsprintfW
PathRemoveFileSpecW

ws2_32

WSAGetOverlappedResult
socket
bind
WSACreateEvent
WSARecvFrom
closesocket
recvfrom
inet_ntoa
WSACloseEvent
WSAWaitForMultipleEvents
htons
sendto

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

shell32

ord165

ole32

CoCreateGuid

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lang/lang-2052.dll
.dll windows:6 windows x86 arch:x86

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b5:90:49:79:f9:14:e7:77:ec:41:e1:69:4a:df:e1:94:81:ac:1d:79:7f:a0:5c:c3:34:0d:0d:6f:e7:65:bf:4a
Signer

Actual PE Digest

b5:90:49:79:f9:14:e7:77:ec:41:e1:69:4a:df:e1:94:81:ac:1d:79:7f:a0:5c:c3:34:0d:0d:6f:e7:65:bf:4a

Digest Algorithm

sha256

PE Digest Matches

true

8e:f7:16:93:5d:43:8d:a5:93:76:8e:ba:36:6d:47:c0:20:c5:3e:a1
Signer

Actual PE Digest

8e:f7:16:93:5d:43:8d:a5:93:76:8e:ba:36:6d:47:c0:20:c5:3e:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lang/zh_CN.json
langrp32.dll
.dll windows:5 windows x86 arch:x86

f9223ff8064b955363a1a03459ee76e4

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ec:1a:5d:21:77:9a:5b:f6:15:e0:45:cf:e4:cc:cb:c8:bb:6b:f1:de:8e:7e:c2:7e:d5:dd:e8:b9:72:f5:f0
Signer

Actual PE Digest

32:ec:1a:5d:21:77:9a:5b:f6:15:e0:45:cf:e4:cc:cb:c8:bb:6b:f1:de:8e:7e:c2:7e:d5:dd:e8:b9:72:f5:f0

Digest Algorithm

sha256

PE Digest Matches

true

32:a1:9e:99:1d:5b:ec:26:51:94:fd:7a:9c:76:9f:1f:ac:e9:e1:27
Signer

Actual PE Digest

32:a1:9e:99:1d:5b:ec:26:51:94:fd:7a:9c:76:9f:1f:ac:e9:e1:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\langrp\Release\langrp32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DeleteFileW
FileTimeToLocalFileTime
GetFileAttributesExW
GetLocalTime
FileTimeToSystemTime
CopyFileW
Sleep
DisableThreadLibraryCalls
lstrcmpA
CreateThread
CloseHandle
EnterCriticalSection
SetFilePointer
GetLastError
LeaveCriticalSection
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleFileNameW
lstrlenW
lstrcmpiW
GetModuleHandleA
lstrcpyW
lstrcpyA
GetDriveTypeW
GetLogicalDrives
lstrcpynW
CreateEventW
GetDiskFreeSpaceExW
CreateFileA
lstrlenA
VirtualQuery
SystemTimeToFileTime
WaitForSingleObject
SetEvent
GetDriveTypeA
OpenProcess
GetFileAttributesW
ReadFile
CreateFileW
Process32FirstW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
Module32NextW
WriteConsoleW

shlwapi

PathRemoveFileSpecW
SHGetValueW
wnsprintfW
StrCmpNIW
SHSetValueW
PathIsDirectoryW
SHDeleteValueW
PathFileExistsW
wvnsprintfW
PathFindFileNameW
wnsprintfA
StrStrIW
wvnsprintfA
StrStrW

ws2_32

socket
sendto
htons
closesocket
bind
setsockopt
htonl
recvfrom

psapi

GetProcessImageFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW

shell32

ord165

ole32

CoCreateGuid

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
langrp64.dll
.dll windows:5 windows x64 arch:x64

f2a282d7955b42d23c143e62792b9bc4

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:87:ea:c3:98:be:84:1a:1e:48:d7:93:d7:75:d6:1e:79:c2:a4:0e:36:8c:25:4f:19:a6:5c:e2:99:25:98:8a
Signer

Actual PE Digest

88:87:ea:c3:98:be:84:1a:1e:48:d7:93:d7:75:d6:1e:79:c2:a4:0e:36:8c:25:4f:19:a6:5c:e2:99:25:98:8a

Digest Algorithm

sha256

PE Digest Matches

true

49:3e:f5:ac:bc:55:4a:21:20:50:a7:15:67:b1:8f:97:64:81:8b:34
Signer

Actual PE Digest

49:3e:f5:ac:bc:55:4a:21:20:50:a7:15:67:b1:8f:97:64:81:8b:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\langrp\Release\langrp64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DeleteFileW
FileTimeToLocalFileTime
GetFileAttributesExW
GetLocalTime
FileTimeToSystemTime
CopyFileW
Sleep
DisableThreadLibraryCalls
lstrcmpA
CreateThread
CloseHandle
EnterCriticalSection
SetFilePointer
Module32NextW
GetLastError
LeaveCriticalSection
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleFileNameW
lstrlenW
lstrcmpiW
GetModuleHandleA
lstrcpyW
lstrcpyA
GetDriveTypeW
GetLogicalDrives
lstrcpynW
CreateEventW
GetDiskFreeSpaceExW
CreateFileA
lstrlenA
VirtualQuery
SystemTimeToFileTime
WaitForSingleObject
SetEvent
GetDriveTypeA
OpenProcess
GetFileAttributesW
ReadFile
CreateFileW
Process32FirstW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
WriteConsoleW

shlwapi

wnsprintfW
PathRemoveFileSpecW
SHDeleteValueW
StrCmpNIW
SHSetValueW
PathIsDirectoryW
wvnsprintfA
PathFileExistsW
wvnsprintfW
PathFindFileNameW
StrStrIW
SHGetValueW
wnsprintfA
StrStrW

ws2_32

socket
sendto
htons
closesocket
bind
setsockopt
htonl
recvfrom

psapi

GetProcessImageFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW

shell32

ord165

ole32

CoCreateGuid

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
leakways32.dll
.dll windows:5 windows x86 arch:x86

17c0d32c2c5aabae4434f50ee3e21a31

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:fb:24:9d:8d:8d:cc:b4:fb:c7:d2:74:da:12:63:65:1e:6b:c7:c3:96:93:00:b8:6d:64:9d:cf:53:37:87:61
Signer

Actual PE Digest

af:fb:24:9d:8d:8d:cc:b4:fb:c7:d2:74:da:12:63:65:1e:6b:c7:c3:96:93:00:b8:6d:64:9d:cf:53:37:87:61

Digest Algorithm

sha256

PE Digest Matches

true

cb:84:e6:32:88:be:e0:84:6f:4d:94:c8:3d:71:33:26:58:3f:cc:9c
Signer

Actual PE Digest

cb:84:e6:32:88:be:e0:84:6f:4d:94:c8:3d:71:33:26:58:3f:cc:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\leakways\Release\leakways32.pdb

Imports

kernel32

CreateEventW
DisableThreadLibraryCalls
lstrcmpA
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
GetLastError
GetTempPathW
OutputDebugStringW
CloseHandle
lstrcmpiW
GetWindowsDirectoryW
LocalFree
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
QueryDosDeviceW
ProcessIdToSessionId
Process32FirstW
GetLocalTime
FindClose
GetCurrentDirectoryW
GetFileSizeEx
lstrcmpW
ReadFile
GetFileAttributesW
GetVersionExW
LoadLibraryW
Sleep
GetDriveTypeA
GetLogicalDrives
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetModuleFileNameW
lstrlenW
lstrcpyW
CreateThread
lstrcpyA
lstrcpynA
GetSystemDirectoryW
CopyFileW
lstrcpynW
CreateFileW
MoveFileW
DeviceIoControl
DeleteFileW
FindFirstFileW
VirtualQuery
CreateProcessW
SetEvent
InitializeCriticalSection
OpenProcess

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord165

ole32

StringFromGUID2
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoInitialize

setupapi

SetupDiGetDeviceInfoListDetailW
SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoListExW
SetupDiGetClassDevsExW
CM_Get_Device_ID_ExW
SetupDiGetClassDescriptionExW
CM_Get_DevNode_Status_Ex
SetupDiGetClassDevsW
CM_Disable_DevNode
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW

netapi32

NetShareEnum
NetShareDel
NetApiBufferFree

wlanapi

WlanDisconnect
WlanEnumInterfaces
WlanOpenHandle
WlanCloseHandle
WlanQueryInterface
WlanFreeMemory

shlwapi

SHSetValueW
StrCmpNIW
SHGetValueW
StrChrW
PathRemoveFileSpecW
StrNCatW
PathFindExtensionW
PathAddBackslashW
wnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAppendW
StrStrIW
StrChrA
PathFileExistsW
wvnsprintfW
wnsprintfA
wvnsprintfA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
GetUserNameW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
QueryServiceStatus
StartServiceW

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
leakways64.dll
.dll windows:5 windows x64 arch:x64

305b5e8bdf5b26e854b46175f893cf42

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:87:fb:8f:a0:84:00:0d:b8:ed:b6:e5:3a:d2:cb:d8:a5:ba:c1:4f:f1:f0:66:6f:51:08:67:42:fa:c8:a2:5a
Signer

Actual PE Digest

38:87:fb:8f:a0:84:00:0d:b8:ed:b6:e5:3a:d2:cb:d8:a5:ba:c1:4f:f1:f0:66:6f:51:08:67:42:fa:c8:a2:5a

Digest Algorithm

sha256

PE Digest Matches

true

6d:5c:5a:53:c3:f3:56:25:6b:c1:e3:90:b7:e2:01:21:9d:cf:32:c9
Signer

Actual PE Digest

6d:5c:5a:53:c3:f3:56:25:6b:c1:e3:90:b7:e2:01:21:9d:cf:32:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\leakways\Release\leakways64.pdb

Imports

kernel32

CreateEventW
DisableThreadLibraryCalls
lstrcmpA
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
GetLastError
GetTempPathW
OutputDebugStringW
CloseHandle
lstrcmpiW
GetWindowsDirectoryW
LocalFree
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
QueryDosDeviceW
ProcessIdToSessionId
Process32FirstW
GetLocalTime
FindClose
GetCurrentDirectoryW
GetFileSizeEx
lstrcmpW
ReadFile
GetFileAttributesW
GetVersionExW
Sleep
GetDriveTypeA
GetLogicalDrives
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetModuleFileNameW
lstrlenW
lstrcpyW
CreateThread
lstrcpyA
lstrcpynA
GetSystemDirectoryW
CopyFileW
lstrcpynW
CreateFileW
MoveFileW
DeviceIoControl
DeleteFileW
FindFirstFileW
VirtualQuery
CreateProcessW
SetEvent
InitializeCriticalSection
OpenProcess

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
ord165
SHGetSpecialFolderLocation

ole32

CoInitialize
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoTaskMemFree

setupapi

CM_Disable_DevNode
SetupDiGetDeviceInfoListDetailW
SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoListExW
SetupDiGetClassDevsExW
CM_Get_Device_ID_ExW
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status_Ex
SetupDiGetClassDevsW
SetupDiGetClassDescriptionExW

netapi32

NetShareEnum
NetApiBufferFree
NetShareDel

wlanapi

WlanCloseHandle
WlanEnumInterfaces
WlanDisconnect
WlanOpenHandle
WlanFreeMemory
WlanQueryInterface

shlwapi

StrChrA
SHSetValueW
StrCmpNIW
SHGetValueW
StrChrW
PathRemoveFileSpecW
StrNCatW
PathFindExtensionW
PathAddBackslashW
wnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAppendW
StrStrIW
PathFileExistsW
wvnsprintfW
wnsprintfA
wvnsprintfA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
GetUserNameW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
QueryServiceStatus
StartServiceW

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcrypto-3.dll
.dll windows:6 windows x86 arch:x86

5f9211e3d08e35021939396d29c31164

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:13:11:47:26:30:da:8c:3a:11:31:f0:c2:c0:27:28:2d:6b:dc:fc:86:ec:a1:1c:a2:35:51:38:4d:9e:41:e2
Signer

Actual PE Digest

9b:13:11:47:26:30:da:8c:3a:11:31:f0:c2:c0:27:28:2d:6b:dc:fc:86:ec:a1:1c:a2:35:51:38:4d:9e:41:e2

Digest Algorithm

sha256

PE Digest Matches

true

a8:29:c9:e9:08:5a:0b:85:91:8a:08:54:3a:aa:05:e9:15:a3:32:0d
Signer

Actual PE Digest

a8:29:c9:e9:08:5a:0b:85:91:8a:08:54:3a:aa:05:e9:15:a3:32:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\protocolfilters\openssl\out32dll\libcrypto-3.pdb

Imports

ws2_32

htons
accept
sendto
recvfrom
send
recv
shutdown
socket
setsockopt
listen
connect
closesocket
bind
htonl
WSACleanup
WSAStartup
select
getsockopt
getsockname
ioctlsocket
WSAGetLastError
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
ntohs
inet_ntoa
inet_addr

advapi32

CryptCreateHash
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

bcrypt

BCryptGenRandom

kernel32

SetFileAttributesW
GetFileAttributesExW
GetModuleFileNameA
HeapSize
LoadLibraryExW
GetModuleFileNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
OutputDebugStringW
SetEnvironmentVariableA
GetTimeZoneInformation
SetEndOfFile
GetFullPathNameA
RtlUnwind
FindFirstFileW
GetDriveTypeW
FindFirstFileExW
SetFilePointerEx
SetFilePointer
FlushFileBuffers
SetStdHandle
ConvertThreadToFiberEx
ConvertFiberToThread
CreateFiberEx
DeleteFiber
SwitchToFiber
GetSystemDirectoryA
FreeLibrary
GetProcAddress
FormatMessageA
LoadLibraryA
Sleep
GetSystemTime
SystemTimeToFileTime
GetLastError
SetLastError
CloseHandle
LoadLibraryW
GetEnvironmentVariableW
GetStdHandle
GetFileType
WriteFile
GetVersion
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualProtect
VirtualLock
FindClose
FindNextFileW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InterlockedExchangeAdd
InterlockedCompareExchange
InterlockedCompareExchange64
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
InterlockedExchange
HeapAlloc
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
AreFileApisANSI
SetConsoleCtrlHandler
HeapReAlloc
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
FileTimeToSystemTime
GetCommandLineA
GetConsoleCP
InterlockedIncrement
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FatalAppExitA
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateSemaphoreW

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
ADMISSIONS_free
ADMISSIONS_get0_admissionAuthority
ADMISSIONS_get0_namingAuthority
ADMISSIONS_get0_professionInfos
ADMISSIONS_it
ADMISSIONS_new
ADMISSIONS_set0_admissionAuthority
ADMISSIONS_set0_namingAuthority
ADMISSIONS_set0_professionInfos
ADMISSION_SYNTAX_free
ADMISSION_SYNTAX_get0_admissionAuthority
ADMISSION_SYNTAX_get0_contentsOfAdmissions
ADMISSION_SYNTAX_it
ADMISSION_SYNTAX_new
ADMISSION_SYNTAX_set0_admissionAuthority
ADMISSION_SYNTAX_set0_contentsOfAdmissions
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASIdOrRange_free
ASIdOrRange_it
ASIdOrRange_new
ASIdentifierChoice_free
ASIdentifierChoice_it
ASIdentifierChoice_new
ASIdentifiers_free
ASIdentifiers_it
ASIdentifiers_new
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_get_int64
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_set_int64
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_dup
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_get_int64
ASN1_INTEGER_get_uint64
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_set_int64
ASN1_INTEGER_set_uint64
ASN1_INTEGER_to_BN
ASN1_ITEM_get
ASN1_ITEM_lookup
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SCTX_free
ASN1_SCTX_get_app_data
ASN1_SCTX_get_flags
ASN1_SCTX_get_item
ASN1_SCTX_get_template
ASN1_SCTX_new
ASN1_SCTX_set_app_data
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_clear_free
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get0_data
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_cmp_time_t
ASN1_TIME_compare
ASN1_TIME_diff
ASN1_TIME_dup
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_normalize
ASN1_TIME_print
ASN1_TIME_print_ex
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_set_string_X509
ASN1_TIME_to_generalizedtime
ASN1_TIME_to_tm
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_pack_sequence
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_TYPE_unpack_sequence
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_dup
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_add_stable_module
ASN1_bn_print
ASN1_buf_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_bio_ex
ASN1_item_d2i_ex
ASN1_item_d2i_fp
ASN1_item_d2i_fp_ex
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_i2d_mem_bio
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_new_ex
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_sign_ex
ASN1_item_unpack
ASN1_item_verify
ASN1_item_verify_ctx
ASN1_item_verify_ex
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_parse
ASN1_parse_dump
ASN1_put_eoc
ASN1_put_object
ASN1_sign
ASN1_str2mask
ASN1_tag2bit
ASN1_tag2str
ASN1_verify
ASRange_free
ASRange_it
ASRange_new
ASYNC_WAIT_CTX_clear_fd
ASYNC_WAIT_CTX_free
ASYNC_WAIT_CTX_get_all_fds
ASYNC_WAIT_CTX_get_callback
ASYNC_WAIT_CTX_get_changed_fds
ASYNC_WAIT_CTX_get_fd
ASYNC_WAIT_CTX_get_status
ASYNC_WAIT_CTX_new
ASYNC_WAIT_CTX_set_callback
ASYNC_WAIT_CTX_set_status
ASYNC_WAIT_CTX_set_wait_fd
ASYNC_block_pause
ASYNC_cleanup_thread
ASYNC_get_current_job
ASYNC_get_wait_ctx
ASYNC_init_thread
ASYNC_is_capable
ASYNC_pause_job
ASYNC_start_job
ASYNC_unblock_pause
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_ADDRINFO_address
BIO_ADDRINFO_family
BIO_ADDRINFO_free
BIO_ADDRINFO_next
BIO_ADDRINFO_protocol
BIO_ADDRINFO_socktype
BIO_ADDR_clear
BIO_ADDR_family
BIO_ADDR_free
BIO_ADDR_hostname_string
BIO_ADDR_new
BIO_ADDR_path_string
BIO_ADDR_rawaddress
BIO_ADDR_rawmake
BIO_ADDR_rawport
BIO_ADDR_service_string
BIO_accept
BIO_accept_ex
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_bind
BIO_callback_ctrl
BIO_clear_flags
BIO_closesocket
BIO_connect
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_debug_callback_ex
BIO_dgram_non_fatal_error
BIO_do_connect_retry
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_linebuffer
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_prefix
BIO_f_readbuffer
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_callback_ex
BIO_get_data
BIO_get_ex_data
BIO_get_host_ip
BIO_get_init
BIO_get_line
BIO_get_new_index
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_get_shutdown
BIO_gethostbyname
BIO_gets
BIO_hex_string
BIO_indent
BIO_int_ctrl
BIO_listen
BIO_lookup
BIO_lookup_ex
BIO_meth_free
BIO_meth_get_callback_ctrl
BIO_meth_get_create
BIO_meth_get_ctrl
BIO_meth_get_destroy
BIO_meth_get_gets
BIO_meth_get_puts
BIO_meth_get_read
BIO_meth_get_read_ex
BIO_meth_get_write
BIO_meth_get_write_ex
BIO_meth_new
BIO_meth_set_callback_ctrl
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_destroy
BIO_meth_set_gets
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_read_ex
BIO_meth_set_write
BIO_meth_set_write_ex
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_ex
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_from_core_bio
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_parse_hostserv
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_read_ex
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_core
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_log
BIO_s_mem
BIO_s_null
BIO_s_secmem
BIO_s_socket
BIO_set_callback
BIO_set_callback_arg
BIO_set_callback_ex
BIO_set_cipher
BIO_set_data
BIO_set_ex_data
BIO_set_flags
BIO_set_init
BIO_set_next
BIO_set_retry_reason
BIO_set_shutdown
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_error
BIO_sock_info
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket
BIO_socket_ioctl
BIO_socket_nbio
BIO_socket_wait
BIO_test_flags
BIO_up_ref
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_wait
BIO_write
BIO_write_ex
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_invert
BN_BLINDING_invert_ex

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl32.dll
.dll windows:5 windows x86 arch:x86

9b3e7aeb251685658b5586e13849c1cc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:bb:f7:45:d1:ce:20:eb:eb:ec:9c:fa:b9:fb:8a:6a:7c:e0:f7:9e:f1:0d:ee:0f:8f:ed:3e:df:97:13:0b:e4
Signer

Actual PE Digest

4a:bb:f7:45:d1:ce:20:eb:eb:ec:9c:fa:b9:fb:8a:6a:7c:e0:f7:9e:f1:0d:ee:0f:8f:ed:3e:df:97:13:0b:e4

Digest Algorithm

sha256

PE Digest Matches

true

28:7c:fd:69:70:e9:7c:28:d7:0d:ad:3c:3c:e5:a9:fa:d4:ae:a6:4d
Signer

Actual PE Digest

28:7c:fd:69:70:e9:7c:28:d7:0d:ad:3c:3c:e5:a9:fa:d4:ae:a6:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\libs\libcurl-7.26\Release\libcurl32.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
EnterCriticalSection
DeleteCriticalSection
SleepEx
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
GetModuleFileNameW
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
GetVersion
WaitForSingleObject
CloseHandle
MultiByteToWideChar
ExpandEnvironmentStringsA
Sleep
FormatMessageA
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
WaitForMultipleObjects
GetTickCount
HeapSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
CreateFileA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetProcessHeap
SetEndOfFile
FlushFileBuffers
LCMapStringW
LCMapStringA
GetFullPathNameW
GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
SetStdHandle
GetModuleFileNameA
WriteFile
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
RtlUnwind
ExitProcess
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
WideCharToMultiByte
CreateFileW
FindFirstFileW
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFilePointer
HeapReAlloc
HeapAlloc
CreateThread
GetCurrentThreadId
ExitThread
HeapFree
GetSystemTimeAsFileTime

wldap32

ord22
ord26
ord79
ord166
ord207
ord146
ord215
ord126
ord144
ord27
ord301
ord211
ord141
ord46
ord132
ord41

ws2_32

gethostbyname
getpeername
connect
htons
ntohs
getsockname
gethostbyaddr
recv
bind
socket
WSASetLastError
closesocket
getsockopt
WSAGetLastError
getservbyname
getservbyport
htonl
inet_addr
inet_ntoa
gethostname
WSACleanup
WSAStartup
accept
listen
ioctlsocket
__WSAFDIsSet
send
sendto
setsockopt
recvfrom
select

libeay32

ord2604
ord224
ord2454
ord656
ord280
ord579
ord1951
ord222
ord181
ord1958
ord544
ord467
ord78
ord625
ord391
ord227
ord52
ord120
ord654
ord641
ord2075
ord1180
ord298
ord281
ord95
ord188
ord18
ord657
ord7
ord2023
ord808
ord2437
ord809
ord2435
ord784
ord2436
ord342
ord464
ord341
ord340
ord2254
ord2291
ord66
ord2596
ord223
ord680
ord151
ord542
ord2442
ord556
ord979
ord1216
ord566
ord4445
ord2431
ord653
ord1
ord1653
ord958
ord1654
ord248
ord3212
ord578
ord421
ord466
ord1015

ssleay32

ord74
ord60
ord90
ord43
ord21
ord5
ord87
ord15
ord76
ord242
ord110
ord183
ord86
ord126
ord78
ord8
ord48
ord108
ord12
ord30
ord235
ord24
ord127
ord96
ord17
ord77
ord243
ord222
ord172
ord49
ord75
ord141
ord130
ord58
ord61
ord180
ord116
ord6
ord157
ord31
ord45

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl64.dll
.dll windows:5 windows x64 arch:x64

234b971b2319ad2560c54bf20998aba0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:41:e8:b6:e8:c4:bc:91:50:a5:0a:35:41:ce:d3:04:3d:f4:fc:ef:40:a7:70:53:d6:bd:48:3b:29:9e:be:a0
Signer

Actual PE Digest

d3:41:e8:b6:e8:c4:bc:91:50:a5:0a:35:41:ce:d3:04:3d:f4:fc:ef:40:a7:70:53:d6:bd:48:3b:29:9e:be:a0

Digest Algorithm

sha256

PE Digest Matches

true

d9:d3:7e:90:91:3b:4d:ed:ca:6a:15:ed:a1:45:d1:2f:4e:c1:ae:0e
Signer

Actual PE Digest

d9:d3:7e:90:91:3b:4d:ed:ca:6a:15:ed:a1:45:d1:2f:4e:c1:ae:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\libs\libcurl-7.26\Release\libcurl64.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
EnterCriticalSection
DeleteCriticalSection
SleepEx
FreeLibrary
GetModuleHandleExW
QueryActCtxW
CreateActCtxW
ActivateActCtx
LoadLibraryW
GetModuleFileNameW
GetSystemDirectoryA
DeactivateActCtx
GetProcAddress
LoadLibraryA
OutputDebugStringA
FindActCtxSectionStringW
WaitForSingleObject
CloseHandle
MultiByteToWideChar
ExpandEnvironmentStringsA
Sleep
FormatMessageA
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
WaitForMultipleObjects
GetTickCount
HeapSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
CreateFileA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetProcessHeap
SetEndOfFile
FlushFileBuffers
LCMapStringW
LCMapStringA
GetFullPathNameW
GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
SetStdHandle
GetModuleFileNameA
WriteFile
HeapDestroy
HeapCreate
HeapSetInformation
ExitProcess
GetModuleHandleW
GetStartupInfoA
SetHandleCount
RtlUnwindEx
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
FlsSetValue
WideCharToMultiByte
CreateFileW
FindFirstFileW
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFilePointer
HeapReAlloc
HeapAlloc
CreateThread
GetCurrentThreadId
ExitThread
HeapFree
GetSystemTimeAsFileTime

wldap32

ord22
ord26
ord79
ord166
ord207
ord146
ord215
ord126
ord144
ord27
ord301
ord211
ord141
ord46
ord132
ord41

ws2_32

gethostbyname
getpeername
connect
htons
ntohs
getsockname
gethostbyaddr
recv
bind
socket
WSASetLastError
closesocket
getsockopt
WSAGetLastError
getservbyname
getservbyport
htonl
inet_addr
inet_ntoa
gethostname
WSACleanup
WSAStartup
accept
listen
ioctlsocket
__WSAFDIsSet
send
sendto
setsockopt
recvfrom
select

libeay64

ord656
ord280
ord579
ord1951
ord222
ord181
ord1958
ord544
ord467
ord78
ord625
ord391
ord227
ord52
ord120
ord654
ord641
ord2075
ord2454
ord298
ord281
ord95
ord188
ord18
ord657
ord7
ord2023
ord808
ord2437
ord809
ord2435
ord784
ord2436
ord342
ord464
ord341
ord340
ord2254
ord2291
ord66
ord2596
ord223
ord680
ord151
ord542
ord2442
ord556
ord979
ord1216
ord566
ord4445
ord2431
ord653
ord1
ord1653
ord958
ord1654
ord248
ord3212
ord578
ord421
ord466
ord1180
ord2604
ord224
ord1015

ssleay64

ord43
ord21
ord60
ord74
ord45
ord5
ord87
ord15
ord76
ord242
ord110
ord183
ord86
ord126
ord78
ord8
ord48
ord108
ord12
ord30
ord235
ord24
ord127
ord96
ord17
ord77
ord243
ord222
ord172
ord49
ord75
ord141
ord130
ord58
ord61
ord180
ord116
ord6
ord157
ord31
ord90

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libeay32.dll
.dll windows:5 windows x86 arch:x86

2c30af1e6ba5c85ae00579debdabf312

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:9d:1a:13:bd:f7:cb:77:51:1e:e5:cd:06:e1:2d:24
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/08/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ae:6d:bb:e5:f1:95:e4:e1:77:47:a4:ee:de:a4:f1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/08/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:e2:0a:82:78:19:02:ed:e0:3a:1d:dc:8a:75:38:90:bd:85:81:9c:11:07:90:81:7d:8f:c6:36:9b:fa:42:fd
Signer

Actual PE Digest

fd:e2:0a:82:78:19:02:ed:e0:3a:1d:dc:8a:75:38:90:bd:85:81:9c:11:07:90:81:7d:8f:c6:36:9b:fa:42:fd

Digest Algorithm

sha256

PE Digest Matches

true

2d:8f:f9:26:a6:af:29:fc:63:ab:0f:05:9c:24:a6:6a:27:87:fa:ef
Signer

Actual PE Digest

2d:8f:f9:26:a6:af:29:fc:63:ab:0f:05:9c:24:a6:6a:27:87:fa:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\libs\openssl-1.0.2o\out32dll\libeay32.pdb

Imports

ws2_32

sendto
recvfrom
bind
listen
accept
ntohl
ioctlsocket
WSACleanup
WSAStartup
gethostbyname
getsockopt
getservbyname
ntohs
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
closesocket

gdi32

CreateCompatibleBitmap
GetObjectA
GetDIBits
DeleteObject
GetDeviceCaps

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

user32

GetDC
ReleaseDC
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetProcessHeap
SetEndOfFile
GetCurrentDirectoryA
CompareStringA
CreateFileW
CompareStringW
SetEnvironmentVariableA
GetEnvironmentStrings
GetConsoleCP
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
RtlUnwind
WriteConsoleW
ExitProcess
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetLastError
GetVersion
WriteFile
GetFileType
GetStdHandle
FindNextFileA
FindFirstFileA
FindClose
FreeLibrary
LoadLibraryA
CloseHandle
SetLastError
MultiByteToWideChar
SystemTimeToFileTime
GetSystemTime
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
GetModuleHandleW
Sleep
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
ReadFile
WideCharToMultiByte
GetConsoleMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
SetFileAttributesA
GetFileAttributesA
CreateFileA
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_clear_free
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_diff
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_to_generalizedtime
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_bn_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_hex_string
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_consttime_swap
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one

Sections

.text
Size: 847KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libeay64.dll
.dll windows:5 windows x64 arch:x64

34d90530287c7d4c9de543c94b2e2cba

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9e:ff:35:0e:78:e2:95:3c:d0:eb:70:ea:e4:6f:75:8d:3f:22:96:29:1e:9b:5c:f2:60:cc:d3:4e:04:ac:b6:f8
Signer

Actual PE Digest

9e:ff:35:0e:78:e2:95:3c:d0:eb:70:ea:e4:6f:75:8d:3f:22:96:29:1e:9b:5c:f2:60:cc:d3:4e:04:ac:b6:f8

Digest Algorithm

sha256

PE Digest Matches

true

35:22:9e:0a:92:7b:6d:13:17:de:58:bc:48:5d:3a:5c:84:c8:3d:99
Signer

Actual PE Digest

35:22:9e:0a:92:7b:6d:13:17:de:58:bc:48:5d:3a:5c:84:c8:3d:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\libs\openssl-1.0.2o\out32dll\libeay64.pdb

Imports

ws2_32

sendto
recvfrom
bind
listen
accept
ntohl
ioctlsocket
WSACleanup
WSAStartup
gethostbyname
getsockopt
getservbyname
ntohs
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
closesocket

gdi32

CreateCompatibleBitmap
GetObjectW
GetDIBits
DeleteObject
GetDeviceCaps

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW

user32

GetDC
ReleaseDC
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoA
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetProcessHeap
SetEndOfFile
GetCurrentDirectoryA
CompareStringA
CompareStringW
HeapSize
SetEnvironmentVariableA
CreateFileW
GetEnvironmentStrings
GetConsoleCP
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
ExitProcess
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetLastError
GetVersion
MultiByteToWideChar
WriteFile
GetFileType
GetStdHandle
WideCharToMultiByte
FindNextFileW
FindFirstFileW
FindClose
RtlVirtualUnwind
FreeLibrary
LoadLibraryA
CloseHandle
LoadLibraryW
SetLastError
SystemTimeToFileTime
GetSystemTime
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
Sleep
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
ReadFile
GetConsoleMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
SetFileAttributesA
GetFileAttributesA
CreateFileA
ReadConsoleInputA
SetConsoleMode
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
RtlUnwindEx
DeleteCriticalSection
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStartupInfoA
HeapSetInformation
HeapCreate
HeapDestroy
GetTimeZoneInformation
SetFilePointer
SetStdHandle
WriteConsoleA

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_clear_free
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_diff
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_to_generalizedtime
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_bn_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_hex_string
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_consttime_swap
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 255KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libssl-3.dll
.dll windows:6 windows x86 arch:x86

93c29966cac61d073a926989d4a7f069

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:67:9d:25:a2:ce:d5:71:3b:6f:99:f8:59:42:fb:b8:63:86:04:15:9c:f6:c2:24:0e:cf:6b:6b:15:f7:e9:82
Signer

Actual PE Digest

79:67:9d:25:a2:ce:d5:71:3b:6f:99:f8:59:42:fb:b8:63:86:04:15:9c:f6:c2:24:0e:cf:6b:6b:15:f7:e9:82

Digest Algorithm

sha256

PE Digest Matches

true

5b:88:61:7e:b8:80:d1:f5:7c:25:8d:c6:1b:0b:79:20:6a:c6:ee:7b
Signer

Actual PE Digest

5b:88:61:7e:b8:80:d1:f5:7c:25:8d:c6:1b:0b:79:20:6a:c6:ee:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\protocolfilters\openssl\out32dll\libssl-3.pdb

Imports

libcrypto-3

EVP_PKEY_paramgen_init
EVP_PKEY_paramgen
EVP_PKEY_keygen_init
EVP_PKEY_keygen
EVP_PKEY_CTX_set_group_name
X509_NAME_free
X509_free
RAND_bytes_ex
X509_it
ASN1_OCTET_STRING_it
INT32_it
ZINT32_it
UINT32_it
ZUINT32_it
ZINT64_it
ZUINT64_it
CRYPTO_strndup
ASN1_item_free
ASN1_item_d2i
ASN1_item_i2d
OPENSSL_DIR_read
OPENSSL_DIR_end
OPENSSL_sk_shift
OPENSSL_sk_pop
OPENSSL_sk_set_cmp_func
CRYPTO_THREAD_lock_new
CRYPTO_THREAD_lock_free
CRYPTO_get_ex_new_index
CRYPTO_THREAD_run_once
OSSL_LIB_CTX_set0_default
BIO_s_file
BIO_snprintf
OBJ_nid2ln
OBJ_nid2sn
OPENSSL_LH_new
OPENSSL_LH_free
OPENSSL_LH_insert
OPENSSL_LH_retrieve
X509_verify_cert
X509_STORE_new
X509_STORE_free
X509_STORE_up_ref
X509_STORE_CTX_new_ex
X509_STORE_CTX_free
X509_STORE_CTX_init
X509_STORE_CTX_set_verify_cb
X509_STORE_add_cert
X509_STORE_CTX_set_ex_data
X509_STORE_CTX_get_error
X509_STORE_CTX_get0_chain
X509_STORE_CTX_get1_chain
X509_STORE_CTX_set_flags
X509_STORE_CTX_get0_param
X509_STORE_CTX_set_default
X509_STORE_CTX_set0_dane
X509_VERIFY_PARAM_set1
X509_VERIFY_PARAM_set_auth_level
X509_VERIFY_PARAM_move_peername
X509_verify_cert_error_string
X509_NAME_dup
i2d_X509_NAME
X509_new_ex
X509_get_subject_name
X509_up_ref
X509_chain_up_ref
X509_cmp
X509_NAME_hash_ex
PEM_read_bio_X509
OSSL_STORE_open
OSSL_STORE_load
OSSL_STORE_eof
OSSL_STORE_error
OSSL_STORE_close
OSSL_STORE_INFO_get_type
OSSL_STORE_INFO_get0_NAME
OSSL_STORE_INFO_get0_CERT
OSSL_STORE_INFO_free
X509_get_extension_flags
OPENSSL_sk_new
OPENSSL_sk_delete
OPENSSL_sk_unshift
OPENSSL_sk_dup
OPENSSL_sk_sort
COMP_get_type
COMP_get_name
COMP_zlib
EVP_CIPHER_get_block_size
EVP_CIPHER_get_flags
EVP_CIPHER_get_mode
EVP_CIPHER_fetch
EVP_get_cipherbyname
EVP_get_digestbyname
EVP_PKEY_asn1_find_str
EVP_PKEY_asn1_get0_info
EVP_SIGNATURE_free
EVP_SIGNATURE_fetch
EVP_KEYEXCH_free
EVP_KEYEXCH_fetch
CONF_parse_list
ERR_set_mark
ERR_pop_to_mark
OPENSSL_strcasecmp
OPENSSL_strncasecmp
ERR_clear_last_mark
X509_STORE_load_path
X509_STORE_load_file_ex
X509_STORE_load_store_ex
OSSL_DECODER_CTX_free
OSSL_DECODER_from_bio
OSSL_DECODER_CTX_new_for_pkey
ERR_reason_error_string
ERR_load_strings_const
OPENSSL_init_crypto
OPENSSL_atexit
OPENSSL_sk_insert
CRYPTO_THREAD_read_lock
CRYPTO_THREAD_write_lock
CRYPTO_THREAD_unlock
CRYPTO_new_ex_data
CRYPTO_dup_ex_data
CRYPTO_free_ex_data
CRYPTO_set_ex_data
CRYPTO_get_ex_data
CRYPTO_realloc
CRYPTO_secure_zalloc
CRYPTO_secure_free
BUF_MEM_free
COMP_CTX_get_method
BIO_int_ctrl
BIO_pop
BIO_free_all
BIO_s_socket
ASN1_OCTET_STRING_free
OPENSSL_LH_num_items
ERR_peek_error
OBJ_bsearch_
EVP_MD_get0_provider
EVP_CIPHER_up_ref
EVP_CIPHER_free
EVP_MD_fetch
EVP_MD_up_ref
EVP_MD_free
EVP_CIPHER_CTX_free
EVP_PKEY_get_security_bits
X509_STORE_add_lookup
X509_LOOKUP_hash_dir
X509_LOOKUP_file
X509_LOOKUP_store
X509_LOOKUP_ctrl
X509_LOOKUP_ctrl_ex
X509_STORE_set_default_paths_ex
X509_VERIFY_PARAM_new
X509_VERIFY_PARAM_free
X509_VERIFY_PARAM_inherit
X509_VERIFY_PARAM_set_purpose
X509_VERIFY_PARAM_set_trust
X509_VERIFY_PARAM_set_depth
X509_VERIFY_PARAM_set1_host
X509_VERIFY_PARAM_add1_host
X509_VERIFY_PARAM_set_hostflags
X509_VERIFY_PARAM_get0_peername
X509_VERIFY_PARAM_get1_ip_asc
X509_VERIFY_PARAM_set1_ip_asc
X509_VERIFY_PARAM_get_depth
d2i_PUBKEY
X509_EXTENSION_free
d2i_X509
X509_get0_pubkey
X509_check_private_key
X509_get_ext_d2i
ASYNC_WAIT_CTX_new
ASYNC_WAIT_CTX_free
ASYNC_WAIT_CTX_get_all_fds
ASYNC_WAIT_CTX_set_callback
ASYNC_WAIT_CTX_get_status
ASYNC_WAIT_CTX_get_changed_fds
ASYNC_start_job
ASYNC_get_current_job
CT_POLICY_EVAL_CTX_new_ex
CT_POLICY_EVAL_CTX_free
CT_POLICY_EVAL_CTX_set1_cert
CT_POLICY_EVAL_CTX_set1_issuer
CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE
CT_POLICY_EVAL_CTX_set_time
SCT_LIST_free
SCT_set_source
SCT_get_validation_status
SCT_LIST_validate
o2i_SCT_LIST
CTLOG_STORE_new_ex
CTLOG_STORE_free
CTLOG_STORE_load_file
CTLOG_STORE_load_default_file
X509_get_key_usage
a2i_IPADDRESS
RAND_priv_bytes_ex
EVP_PKEY_decapsulate
OCSP_resp_count
OCSP_resp_get0
OCSP_SINGLERESP_get1_ext_d2i
OCSP_BASICRESP_free
OCSP_RESPID_free
OCSP_RESPONSE_free
d2i_OCSP_RESPONSE
conf_ssl_get
conf_ssl_name_find
conf_ssl_get_cmd
ERR_peek_last_error
EVP_PKEY_can_sign
d2i_PrivateKey_ex
EVP_PKEY_copy_parameters
EVP_PKEY_missing_parameters
EVP_PKEY_eq
d2i_X509_bio
d2i_PrivateKey_ex_bio
X509_get_pubkey
PEM_read_bio
PEM_read_bio_X509_AUX
PEM_read_bio_PrivateKey_ex
RSA_free
RSA_up_ref
d2i_RSAPrivateKey
EVP_PKEY_assign
EVP_PKEY_new
d2i_RSAPrivateKey_bio
PEM_read_bio_RSAPrivateKey
OPENSSL_LH_delete
OPENSSL_LH_get_down_load
OPENSSL_LH_set_down_load
PEM_ASN1_read_bio
PEM_ASN1_write_bio
PEM_ASN1_read
PEM_ASN1_write
BIO_puts
BIO_dump_indent
BIO_printf
OSSL_PARAM_construct_int
OSSL_PARAM_construct_size_t
OSSL_PARAM_construct_utf8_string
EVP_MD_get0_name
EVP_DigestSignInit_ex
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_set_params
EVP_PKEY_new_mac_key
EVP_PKEY_new_raw_private_key_ex
EVP_KDF_free
EVP_KDF_fetch
EVP_KDF_CTX_new
EVP_KDF_CTX_free
EVP_KDF_derive
CRYPTO_memcmp
BN_free
BN_get_rfc2409_prime_1024
BN_get_rfc3526_prime_2048
BN_get_rfc3526_prime_3072
BN_get_rfc3526_prime_4096
BN_get_rfc3526_prime_8192
OBJ_txt2nid
OBJ_ln2nid
OBJ_sn2nid
OSSL_PARAM_locate_const
OSSL_PARAM_get_int
OSSL_PARAM_get_uint
OSSL_PARAM_free
EVP_CIPHER_CTX_get_iv_length
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DecryptFinal
EVP_MAC_fetch
EVP_MAC_free
EVP_MAC_CTX_new
EVP_MAC_CTX_free
EVP_MAC_CTX_get_mac_size
EVP_MAC_init
EVP_MAC_update
EVP_MAC_final
EVP_PKEY_get_id
EVP_PKEY_get_bits
EVP_PKEY_get_size
EVP_PKEY_set_type
EVP_PKEY_digestsign_supports_digest
EVP_PKEY_set1_encoded_public_key
EVP_KEYMGMT_fetch
EVP_KEYMGMT_free
EVP_KEYMGMT_get0_provider
EVP_PKEY_fromdata_init
EVP_PKEY_fromdata
EVP_PKEY_get_ec_point_conv_form
EVP_PKEY_get_field_type
EVP_PKEY_get_group_name
X509_get_signature_info
X509_get_signature_nid
X509_get_issuer_name
X509_chain_check_suiteb
X509_NAME_cmp
OSSL_PROVIDER_do_all
OSSL_PROVIDER_get_capabilities
OSSL_PARAM_BLD_new
OSSL_PARAM_BLD_to_param
OSSL_PARAM_BLD_free
OSSL_PARAM_BLD_push_uint
OSSL_PARAM_BLD_push_BN
BIO_indent
d2i_X509_NAME
X509_NAME_print_ex
X509_print_ex
PEM_write_bio_X509
EVP_Q_mac
EC_GROUP_get_curve_name
EC_KEY_get0_group
EVP_PKEY_set1_DH
ENGINE_get_ssl_client_cert_function
ENGINE_get_cipher
ENGINE_get_digest
ENGINE_init
ENGINE_finish
ENGINE_load_ssl_client_cert
ENGINE_get_cipher_engine
ENGINE_get_digest_engine
HMAC_size
HMAC_CTX_new
HMAC_CTX_free
HMAC_Init_ex
HMAC_Update
HMAC_Final
BN_is_zero
BN_num_bits
BN_clear_free
BN_copy
BN_bin2bn
BN_bn2bin
BN_dup
BN_ucmp
SRP_create_verifier_BN_ex
SRP_check_known_gN_param
SRP_get_default_gN
SRP_Calc_server_key
SRP_Calc_B_ex
SRP_Verify_A_mod_N
SRP_Calc_u_ex
SRP_Calc_x_ex
SRP_Calc_A
SRP_Calc_client_key_ex
SRP_Verify_B_mod_N
EVP_CIPHER_CTX_get0_cipher
COMP_compress_block
COMP_expand_block
OSSL_PARAM_construct_octet_ptr
EVP_MD_CTX_get_pkey_ctx
EVP_CIPHER_CTX_get_block_size
EVP_Cipher
EVP_MD_CTX_ctrl
EVP_MD_CTX_copy
EVP_CipherUpdate
EVP_DigestSignUpdate
EVP_DigestSignFinal
EVP_CIPHER_CTX_get_params
EVP_PKEY_CTX_set_params
EVP_CipherFinal_ex
EVP_PKEY_get1_encoded_public_key
i2d_X509_EXTENSIONS
i2d_OCSP_RESPID
EVP_DigestSign
d2i_X509_EXTENSIONS
d2i_OCSP_RESPID
BUF_MEM_new
BUF_MEM_grow_clean
ERR_vset_error
EVP_Digest
EVP_DigestInit
EVP_DigestVerify
EVP_DigestVerifyInit_ex
EVP_PKEY_CTX_ctrl
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt
EVP_PKEY_public_check
EVP_PKEY_param_check_quick
EVP_PKEY_CTX_set_rsa_padding
EVP_PKEY_CTX_set_rsa_pss_saltlen
BUF_reverse
EVP_DigestVerifyUpdate
EVP_DigestVerifyFinal
i2d_X509
ASN1_ANY_it
ASN1_TYPE_get
ASN1_item_new
OSSL_PARAM_construct_uint
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt
EVP_PKEY_get_bn_param
EVP_PKEY_decapsulate_init
EVP_PKEY_encapsulate
EVP_PKEY_encapsulate_init
EVP_PKEY_derive
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_init
EVP_PKEY_CTX_free
EVP_PKEY_CTX_new_from_pkey
EVP_PKEY_CTX_new_from_name
EVP_PKEY_free
EVP_PKEY_up_ref
EVP_PKEY_is_a
EVP_PKEY_CTX_set_dh_pad
CRYPTO_strdup
CRYPTO_memdup
OPENSSL_sk_pop_free
OPENSSL_sk_new_reserve
OPENSSL_sk_value
OPENSSL_sk_num
EVP_CIPHER_CTX_reset
EVP_CIPHER_CTX_new
EVP_CipherInit_ex
EVP_DigestFinal_ex
EVP_MD_CTX_copy_ex
EVP_MD_CTX_set_params
EVP_CIPHER_get_iv_length
EVP_CIPHER_get_key_length
EVP_CIPHER_get0_provider
EVP_MD_CTX_get0_md
EVP_MD_get_size
EVP_MD_get_type
OSSL_PARAM_construct_end
OSSL_PARAM_construct_octet_string
BIO_s_mem
COMP_CTX_free
COMP_CTX_new
OPENSSL_cleanse
CRYPTO_clear_free
SHA512_Transform
SHA512_Init
SHA384_Init
SHA256_Transform
SHA256_Init
SHA224_Init
SHA1_Transform
SHA1_Init
MD5_Transform
MD5_Init
EVP_DigestFinal
EVP_DigestUpdate
EVP_DigestInit_ex
EVP_MD_CTX_free
EVP_MD_CTX_new
EVP_MD_is_a
CRYPTO_malloc
OPENSSL_sk_push
OPENSSL_sk_find
OPENSSL_sk_free
OPENSSL_sk_new_null
ERR_clear_error
BIO_ADDR_clear
BIO_ADDR_free
BIO_ADDR_new
BIO_read
BIO_test_flags
BIO_copy_next_retry
BIO_f_buffer
BIO_s_connect
BIO_set_retry_reason
BIO_get_retry_reason
BIO_set_next
BIO_next
BIO_find_type
BIO_push
BIO_callback_ctrl
BIO_ctrl
BIO_write
BIO_up_ref
BIO_get_shutdown
BIO_set_shutdown
BIO_get_init
BIO_set_init
BIO_get_data
BIO_set_data
BIO_free
BIO_new
BIO_method_type
BIO_clear_flags
BIO_set_flags
ERR_set_error
ERR_set_debug
ERR_new
BUF_MEM_grow
CRYPTO_free
OCSP_response_get1_basic
CRYPTO_zalloc

kernel32

FlushFileBuffers
GetFullPathNameA
WriteConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapSize
LoadLibraryW
OutputDebugStringW
ReadConsoleW
ReadFile
SetEndOfFile
GetTimeZoneInformation
SetStdHandle
GetStringTypeW
HeapReAlloc
HeapAlloc
RtlUnwind
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
LoadLibraryExW
FreeLibrary
InterlockedExchange
GetModuleFileNameW
WriteFile
CloseHandle
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
Sleep
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
MultiByteToWideChar
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FindClose
FileTimeToLocalFileTime
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetLastError
SystemTimeToFileTime
GetSystemTime
SetLastError
SetEnvironmentVariableA

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLS_client_method
DTLS_get_data_mtu
DTLS_method
DTLS_server_method
DTLS_set_timer_cb
DTLSv1_2_client_method
DTLSv1_2_method
DTLSv1_2_server_method
DTLSv1_client_method
DTLSv1_listen
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
OPENSSL_cipher_name
OPENSSL_init_ssl
OSSL_default_cipher_list
OSSL_default_ciphersuites
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SSL_CIPHER_description
SSL_CIPHER_find
SSL_CIPHER_get_auth_nid
SSL_CIPHER_get_bits
SSL_CIPHER_get_cipher_nid
SSL_CIPHER_get_digest_nid
SSL_CIPHER_get_handshake_digest
SSL_CIPHER_get_id
SSL_CIPHER_get_kx_nid
SSL_CIPHER_get_name
SSL_CIPHER_get_protocol_id
SSL_CIPHER_get_version
SSL_CIPHER_is_aead
SSL_CIPHER_standard_name
SSL_COMP_add_compression_method
SSL_COMP_get0_name
SSL_COMP_get_compression_methods
SSL_COMP_get_id
SSL_COMP_get_name
SSL_COMP_set0_compression_methods
SSL_CONF_CTX_clear_flags
SSL_CONF_CTX_finish
SSL_CONF_CTX_free
SSL_CONF_CTX_new
SSL_CONF_CTX_set1_prefix
SSL_CONF_CTX_set_flags
SSL_CONF_CTX_set_ssl
SSL_CONF_CTX_set_ssl_ctx
SSL_CONF_cmd
SSL_CONF_cmd_argv
SSL_CONF_cmd_value_type
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add1_to_CA_list
SSL_CTX_add_client_CA
SSL_CTX_add_client_custom_ext
SSL_CTX_add_custom_ext
SSL_CTX_add_server_custom_ext
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_clear_options
SSL_CTX_config
SSL_CTX_ct_is_enabled
SSL_CTX_ctrl
SSL_CTX_dane_clear_flags
SSL_CTX_dane_enable
SSL_CTX_dane_mtype_set
SSL_CTX_dane_set_flags
SSL_CTX_enable_ct
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get0_CA_list
SSL_CTX_get0_certificate
SSL_CTX_get0_ctlog_store
SSL_CTX_get0_param
SSL_CTX_get0_privatekey
SSL_CTX_get0_security_ex_data
SSL_CTX_get_cert_store
SSL_CTX_get_ciphers
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_default_passwd_cb
SSL_CTX_get_default_passwd_cb_userdata
SSL_CTX_get_ex_data
SSL_CTX_get_info_callback
SSL_CTX_get_keylog_callback
SSL_CTX_get_max_early_data
SSL_CTX_get_num_tickets
SSL_CTX_get_options
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_record_padding_callback_arg
SSL_CTX_get_recv_max_early_data
SSL_CTX_get_security_callback
SSL_CTX_get_security_level
SSL_CTX_get_ssl_method
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_has_client_custom_ext
SSL_CTX_load_verify_dir
SSL_CTX_load_verify_file
SSL_CTX_load_verify_locations
SSL_CTX_load_verify_store
SSL_CTX_new
SSL_CTX_new_ex
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set0_CA_list
SSL_CTX_set0_ctlog_store
SSL_CTX_set0_security_ex_data
SSL_CTX_set0_tmp_dh_pkey
SSL_CTX_set1_cert_store
SSL_CTX_set1_param
SSL_CTX_set_allow_early_data_cb
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_async_callback
SSL_CTX_set_async_callback_arg
SSL_CTX_set_block_padding
SSL_CTX_set_cert_cb
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_ciphersuites
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_client_hello_cb
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_ct_validation_callback
SSL_CTX_set_ctlog_list_file
SSL_CTX_set_default_ctlog_list_file
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_read_buffer_len
SSL_CTX_set_default_verify_dir
SSL_CTX_set_default_verify_file
SSL_CTX_set_default_verify_paths
SSL_CTX_set_default_verify_store
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_keylog_callback
SSL_CTX_set_max_early_data
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_not_resumable_session_callback
SSL_CTX_set_num_tickets
SSL_CTX_set_options
SSL_CTX_set_post_handshake_auth
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_find_session_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_psk_use_session_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_record_padding_callback
SSL_CTX_set_record_padding_callback_arg
SSL_CTX_set_recv_max_early_data
SSL_CTX_set_security_callback
SSL_CTX_set_security_level
SSL_CTX_set_session_id_context
SSL_CTX_set_session_ticket_cb
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_stateless_cookie_generate_cb
SSL_CTX_set_stateless_cookie_verify_cb
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_max_fragment_length
SSL_CTX_set_tlsext_ticket_key_evp_cb
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_up_ref
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_cert_and_key
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_CTX_use_serverinfo
SSL_CTX_use_serverinfo_ex
SSL_CTX_use_serverinfo_file
SSL_SESSION_dup
SSL_SESSION_free
SSL_SESSION_get0_alpn_selected
SSL_SESSION_get0_cipher
SSL_SESSION_get0_hostname
SSL_SESSION_get0_id_context
SSL_SESSION_get0_peer
SSL_SESSION_get0_ticket
SSL_SESSION_get0_ticket_appdata
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_id
SSL_SESSION_get_master_key
SSL_SESSION_get_max_early_data
SSL_SESSION_get_max_fragment_length
SSL_SESSION_get_protocol_version
SSL_SESSION_get_ticket_lifetime_hint
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_has_ticket
SSL_SESSION_is_resumable
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_print_keylog
SSL_SESSION_set1_alpn_selected
SSL_SESSION_set1_hostname
SSL_SESSION_set1_id
SSL_SESSION_set1_id_context
SSL_SESSION_set1_master_key
SSL_SESSION_set1_ticket_appdata
SSL_SESSION_set_cipher
SSL_SESSION_set_ex_data
SSL_SESSION_set_max_early_data
SSL_SESSION_set_protocol_version
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SESSION_up_ref
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add1_host
SSL_add1_to_CA_list
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_add_ssl_module
SSL_add_store_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_alloc_buffers
SSL_bytes_to_cipher_list
SSL_callback_ctrl
SSL_certs_clear
SSL_check_chain
SSL_check_private_key
SSL_clear
SSL_clear_options
SSL_client_hello_get0_ciphers
SSL_client_hello_get0_compression_methods
SSL_client_hello_get0_ext
SSL_client_hello_get0_legacy_version
SSL_client_hello_get0_random
SSL_client_hello_get0_session_id
SSL_client_hello_get1_extensions_present
SSL_client_hello_isv2
SSL_client_version
SSL_config
SSL_connect
SSL_copy_session_id
SSL_ct_is_enabled
SSL_ctrl
SSL_dane_clear_flags
SSL_dane_enable
SSL_dane_set_flags
SSL_dane_tlsa_add
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_enable_ct
SSL_export_keying_material
SSL_export_keying_material_early
SSL_extension_supported
SSL_free
SSL_free_buffers
SSL_get0_CA_list
SSL_get0_alpn_selected
SSL_get0_dane
SSL_get0_dane_authority
SSL_get0_dane_tlsa
SSL_get0_next_proto_negotiated
SSL_get0_param
SSL_get0_peer_CA_list
SSL_get0_peer_certificate
SSL_get0_peer_scts
SSL_get0_peername
SSL_get0_security_ex_data
SSL_get0_verified_chain
SSL_get1_peer_certificate
SSL_get1_session
SSL_get1_supported_ciphers
SSL_get_SSL_CTX
SSL_get_all_async_fds
SSL_get_async_status
SSL_get_certificate
SSL_get_changed_async_fds
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_client_ciphers
SSL_get_client_random
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_passwd_cb
SSL_get_default_passwd_cb_userdata
SSL_get_default_timeout
SSL_get_early_data_status
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_key_update_type
SSL_get_max_early_data
SSL_get_num_tickets
SSL_get_options
SSL_get_peer_cert_chain
SSL_get_peer_finished
SSL_get_peer_signature_type_nid
SSL_get_pending_cipher
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_record_padding_callback_arg
SSL_get_recv_max_early_data
SSL_get_rfd
SSL_get_security_callback
SSL_get_security_level
SSL_get_selected_srtp_profile
SSL_get_server_random
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shared_sigalgs
SSL_get_shutdown
SSL_get_sigalgs
SSL_get_signature_type_nid
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_state
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_group_to_name
SSL_has_matching_session_id
SSL_has_pending
SSL_in_before
SSL_in_init
SSL_is_dtls
SSL_is_init_finished
SSL_is_server
SSL_key_update
SSL_load_client_CA_file
SSL_load_client_CA_file_ex
SSL_new
SSL_new_session_ticket
SSL_peek
SSL_peek_ex
SSL_pending
SSL_read
SSL_read_early_data
SSL_read_ex
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_sendfile
SSL_session_reused
SSL_set0_CA_list
SSL_set0_rbio
SSL_set0_security_ex_data
SSL_set0_tmp_dh_pkey
SSL_set0_wbio
SSL_set1_host
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_allow_early_data_cb
SSL_set_alpn_protos
SSL_set_async_callback
SSL_set_async_callback_arg
SSL_set_bio
SSL_set_block_padding
SSL_set_cert_cb
SSL_set_cipher_list
SSL_set_ciphersuites
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_ct_validation_callback
SSL_set_debug
SSL_set_default_passwd_cb
SSL_set_default_passwd_cb_userdata
SSL_set_default_read_buffer_len
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_hostflags
SSL_set_info_callback
SSL_set_max_early_data
SSL_set_msg_callback
SSL_set_not_resumable_session_callback
SSL_set_num_tickets
SSL_set_options
SSL_set_post_handshake_auth
SSL_set_psk_client_callback
SSL_set_psk_find_session_callback
SSL_set_psk_server_callback
SSL_set_psk_use_session_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_record_padding_callback
SSL_set_record_padding_callback_arg
SSL_set_recv_max_early_data
SSL_set_rfd
SSL_set_security_callback
SSL_set_security_level
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_tlsext_max_fragment_length
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state_string
SSL_state_string_long
SSL_stateless
SSL_trace
SSL_up_ref
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_cert_and_key
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_chain_file
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_verify_client_post_handshake
SSL_version
SSL_waiting_for_async
SSL_want

Sections

.text
Size: 537KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
magichk32.dll
.dll windows:5 windows x86 arch:x86

1e02664e74e061136922be84ac79f7f7

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ec:ee:cc:58:81:96:70:46:a4:68:32:73:74:42:b0:98:09:86:d9:4b:ec:68:e5:0d:79:a3:f3:88:46:45:50:9b
Signer

Actual PE Digest

ec:ee:cc:58:81:96:70:46:a4:68:32:73:74:42:b0:98:09:86:d9:4b:ec:68:e5:0d:79:a3:f3:88:46:45:50:9b

Digest Algorithm

sha256

PE Digest Matches

true

5a:dc:4c:5b:49:c6:60:a3:d6:ff:21:47:84:cf:04:ba:9a:62:ce:d5
Signer

Actual PE Digest

5a:dc:4c:5b:49:c6:60:a3:d6:ff:21:47:84:cf:04:ba:9a:62:ce:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\free\EasyHook-2.7.6789.0\Build\netfx3.5-Release\x86\magichk32.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
CreateEventW
CreateToolhelp32Snapshot
DuplicateHandle
TlsAlloc
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
GetCurrentProcessId
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
InterlockedExchange
VirtualQuery
SetStdHandle
OutputDebugStringW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
WriteConsoleW
SetEndOfFile
WriteProcessMemory
GetVersionExW
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemAlloc
CoTaskMemFree

shlwapi

PathQuoteSpacesW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
naca32.dll
.dll windows:5 windows x86 arch:x86

7946363053b0344e97034fb32804596d

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:5b:05:21:b0:1f:8f:a1:fd:1e:2a:e0:34:06:d6:ef
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

20/08/2025, 23:59

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,L=济南市,ST=山东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:79:a7:8d:47:d3:eb:e1:5a:0d:14:60:e2:2c:76:03:8d:65:80:5a:53:dd:80:28:4a:e1:db:b5:15:c0:24:bb
Signer

Actual PE Digest

70:79:a7:8d:47:d3:eb:e1:5a:0d:14:60:e2:2c:76:03:8d:65:80:5a:53:dd:80:28:4a:e1:db:b5:15:c0:24:bb

Digest Algorithm

sha256

PE Digest Matches

true

eb:a8:7e:2c:92:ac:63:63:65:a1:08:32:b7:7c:bc:c0:3d:a0:d2:03
Signer

Actual PE Digest

eb:a8:7e:2c:92:ac:63:63:65:a1:08:32:b7:7c:bc:c0:3d:a0:d2:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\naca\Release\naca32.pdb

Imports

kernel32

LocalAlloc
lstrcmpiW
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpA
SetLastError
lstrlenW
lstrcpynW
GetExitCodeProcess
OutputDebugStringW
WaitForSingleObject
CreateThread
CloseHandle
EnterCriticalSection
GetProcAddress
lstrcmpiA
GetLastError
MultiByteToWideChar
GetACP
LeaveCriticalSection
Sleep
OutputDebugStringA
Module32NextW
GetFileAttributesExW
CreateToolhelp32Snapshot
lstrcatW
Process32NextW
Module32FirstW
QueryDosDeviceW
LoadLibraryW
InitializeCriticalSection
GetModuleHandleW
ProcessIdToSessionId
Process32FirstW
CreateFileW
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
InterlockedExchange
LoadLibraryA
GetCPInfo
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetLogicalDrives
GetWindowsDirectoryW
GetModuleHandleA
lstrcpyW
lstrcpyA
VirtualQuery
CreateProcessW
GlobalSize
GlobalLock
OpenProcess
GetVersionExW
ReadFile

user32

SendMessageTimeoutW
PostMessageW
IsWindowEnabled
FindWindowW
GetWindowLongW
EnumChildWindows
IsWindow

iphlpapi

GetAdaptersInfo

shlwapi

SHGetValueW
StrChrW
StrCmpNIW
StrStrIA
wvnsprintfA
wnsprintfW
PathFileExistsW
PathAppendW
SHSetValueW
wnsprintfA
PathIsDirectoryW
StrStrW
StrStrIW
wvnsprintfW
PathFindFileNameW
SHGetValueA
StrChrA
PathFileExistsA

ws2_32

inet_ntoa

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

libcurl32

curl_slist_append
curl_easy_setopt
curl_easy_perform
curl_easy_strerror
curl_easy_cleanup
curl_global_init
curl_slist_free_all
curl_easy_init
curl_easy_reset

advapi32

CloseServiceHandle
OpenProcessToken
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
ControlService
QueryServiceStatus

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nacmacwatch.dll
.dll windows:5 windows x86 arch:x86

1e696572c3ff4dfe665db4b1cf3794f4

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:3c:1a:36:7e:d4:7e:b3:f7:ce:ba:fe:5c:96:65:d9:c3:18:ee:57:60:d2:51:49:05:70:58:28:a9:80:69:0b
Signer

Actual PE Digest

96:3c:1a:36:7e:d4:7e:b3:f7:ce:ba:fe:5c:96:65:d9:c3:18:ee:57:60:d2:51:49:05:70:58:28:a9:80:69:0b

Digest Algorithm

sha256

PE Digest Matches

true

fb:94:83:02:a6:f9:c0:1a:26:a3:a8:fd:0a:67:6d:e8:70:35:5b:42
Signer

Actual PE Digest

fb:94:83:02:a6:f9:c0:1a:26:a3:a8:fd:0a:67:6d:e8:70:35:5b:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\nacmacwatch\Release\nacmacwatch.pdb

Imports

shlwapi

PathAppendW
PathFileExistsW
StrStrIA
wnsprintfA
wvnsprintfW
PathIsDirectoryW
StrStrW
PathFindFileNameW
wnsprintfW
wvnsprintfA
PathRemoveFileSpecW
StrStrIW
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA

ws2_32

ioctlsocket
connect
inet_addr
select
WSAGetLastError
htons
socket
inet_ntoa
closesocket
__WSAFDIsSet

iphlpapi

GetAdaptersInfo

kernel32

lstrcmpiW
GetModuleHandleA
OutputDebugStringA
GetVersion
GetFileAttributesW
LoadLibraryW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
lstrcmpiA
lstrcpynW
lstrcmpA
GetCurrentThreadId
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
SetEvent
InterlockedIncrement
CreateThread
CloseHandle
SetLastError
GetLastError
GetTempPathW
GetExitCodeProcess
Sleep
OutputDebugStringW
WaitForSingleObject
CreateEventW
GetModuleFileNameW
LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
GetWindowsDirectoryW
lstrcpyA
lstrcpyW
LocalFree
DeleteFileW
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
lstrcatW
Process32NextW
Module32FirstW
QueryDosDeviceW
WriteConsoleA
GetConsoleOutputCP
InterlockedDecrement
InterlockedExchange
DeleteCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
GetStdHandle
GetModuleFileNameA
ExitProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoW
WriteConsoleW
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetLogicalDrives
OpenProcess
GetVersionExW
ReadFile
CreateFileW
lstrlenW
GetLocalTime
Process32FirstW
ProcessIdToSessionId

user32

SendMessageTimeoutW
PostMessageW
IsWindowEnabled
FindWindowW
GetWindowLongW
EnumChildWindows
IsWindow

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shell32

ord165

psapi

GetProcessImageFileNameW

advapi32

SetFileSecurityW
RegOpenKeyExW
FreeSid
RegEnumValueW
OpenProcessToken
GetUserNameW
RegCloseKey
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid

ole32

CoCreateGuid

Exports

Exports

NacMacWatchSetConfig
NacMacWatchSetServerIpPort
NacMacWatchStart

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nfapi.dll
.dll windows:6 windows x86 arch:x86

599e11bf6d8a09b832bbe62adc5c96cd

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:30:c0:e6:d9:3c:32:8f:74:b1:5c:08:65:08:ec:7c:88:08:4c:3e:bb:b0:8d:23:49:21:0a:fc:3d:d4:65:ca
Signer

Actual PE Digest

b4:30:c0:e6:d9:3c:32:8f:74:b1:5c:08:65:08:ec:7c:88:08:4c:3e:bb:b0:8d:23:49:21:0a:fc:3d:d4:65:ca

Digest Algorithm

sha256

PE Digest Matches

true

70:d6:f3:be:5a:ec:72:c0:c5:0b:fe:7e:ed:8f:94:34:d4:82:72:a0
Signer

Actual PE Digest

70:d6:f3:be:5a:ec:72:c0:c5:0b:fe:7e:ed:8f:94:34:d4:82:72:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\nfapi\build\release\win32\nfapi.pdb

Imports

kernel32

GetOverlappedResult
ReadFile
DeviceIoControl
GetProcAddress
GetModuleHandleA
OpenProcess
CancelIo
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
SetLastError
CreateFileA
GetVersionExA
GetLastError
WriteFile
GetTickCount
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetSystemInfo
ResetEvent
CreateEventA
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapAlloc
HeapFree
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetProcessHeap
HeapSize
Sleep
InterlockedIncrement
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
FatalAppExitA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
CreateFileW

advapi32

DeleteService
RegSetValueExA
QueryServiceStatus
OpenServiceA
StartServiceA
CloseServiceHandle
CreateServiceW
OpenSCManagerA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Exports

Exports

?nf_addBindingRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_BINDING_RULE@1@H@Z
?nf_addFlowCtl@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_FLOWCTL_DATA@1@PAI@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_addRuleEx@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE_EX@1@H@Z
?nf_adjustProcessPriviledges@nfapi@@YAXXZ
?nf_completeTCPConnectRequest@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_TCP_CONN_INFO@1@@Z
?nf_completeUDPConnectRequest@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_UDP_CONN_REQUEST@1@@Z
?nf_deleteBindingRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_deleteFlowCtl@nfapi@@YA?AW4_NF_STATUS@@I@Z
?nf_deleteRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_free@nfapi@@YAXXZ
?nf_getConnCount@nfapi@@YAKXZ
?nf_getDriverType@nfapi@@YAKXZ
?nf_getFlowCtlStat@nfapi@@YA?AW4_NF_STATUS@@IPAU_NF_FLOWCTL_STAT@1@@Z
?nf_getProcessNameA@nfapi@@YAHKPADK@Z
?nf_getProcessNameFromKernel@nfapi@@YAHKPA_WK@Z
?nf_getProcessNameW@nfapi@@YAHKPA_WK@Z
?nf_getTCPConnInfo@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_TCP_CONN_INFO@1@@Z
?nf_getTCPStat@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_FLOWCTL_STAT@1@@Z
?nf_getUDPConnInfo@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_UDP_CONN_INFO@1@@Z
?nf_getUDPStat@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_FLOWCTL_STAT@1@@Z
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PBDPAVNF_EventHandler@1@@Z
?nf_ipPostReceive@nfapi@@YA?AW4_NF_STATUS@@PBDHPAU_NF_IP_PACKET_OPTIONS@1@@Z
?nf_ipPostSend@nfapi@@YA?AW4_NF_STATUS@@PBDHPAU_NF_IP_PACKET_OPTIONS@1@@Z
?nf_modifyFlowCtl@nfapi@@YA?AW4_NF_STATUS@@IPAU_NF_FLOWCTL_DATA@1@@Z
?nf_registerDriver@nfapi@@YA?AW4_NF_STATUS@@PBD@Z
?nf_registerDriverEx@nfapi@@YA?AW4_NF_STATUS@@PBD0@Z
?nf_setIPEventHandler@nfapi@@YAXPAVNF_IPEventHandler@1@@Z
?nf_setOptions@nfapi@@YAXKK@Z
?nf_setRules@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_setRulesEx@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE_EX@1@H@Z
?nf_setTCPFlowCtl@nfapi@@YA?AW4_NF_STATUS@@_KI@Z
?nf_setTCPTimeout@nfapi@@YAKK@Z
?nf_setUDPFlowCtl@nfapi@@YA?AW4_NF_STATUS@@_KI@Z
?nf_tcpClose@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_tcpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_tcpIsProxy@nfapi@@YAHK@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_tcpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_tcpSetSockOpt@nfapi@@YA?AW4_NF_STATUS@@_KHPBDH@Z
?nf_udpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_udpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_unRegisterDriver@nfapi@@YA?AW4_NF_STATUS@@PBD@Z

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nfentry32.dll
.dll windows:5 windows x86 arch:x86

c32a8feb9eb910c003834459a6874fe1

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:ef:ac:d0:b8:e8:3e:54:65:0c:e4:8c:62:74:12:18:98:e1:3b:47:da:51:f9:66:6b:cb:68:64:a6:bb:b3:b4
Signer

Actual PE Digest

b8:ef:ac:d0:b8:e8:3e:54:65:0c:e4:8c:62:74:12:18:98:e1:3b:47:da:51:f9:66:6b:cb:68:64:a6:bb:b3:b4

Digest Algorithm

sha256

PE Digest Matches

true

34:76:82:eb:4e:e2:00:5e:31:4e:0d:eb:d4:c4:33:e1:ff:91:9e:5b
Signer

Actual PE Digest

34:76:82:eb:4e:e2:00:5e:31:4e:0d:eb:d4:c4:33:e1:ff:91:9e:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\nfentry\Release\nfentry32.pdb

Imports

kernel32

OpenProcess
GetProcAddress
LoadLibraryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetModuleFileNameW
GetFileAttributesW
GetCurrentProcessId
GetLocalTime
DisableThreadLibraryCalls
GetSystemDirectoryW
lstrcpynW
DeleteCriticalSection
lstrcmpA
GetCurrentThreadId
lstrlenA
SetEndOfFile
SetFilePointer
lstrlenW
lstrcmpiW
CreateEventA
CreateThread
SetEvent
CreateEventW
WriteFile
OutputDebugStringW
WaitForSingleObject
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
lstrcmpiA
CloseHandle
DeleteFileW
GetLastError
HeapSize
WriteConsoleW
SetStdHandle
ReadConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
HeapReAlloc
InterlockedFlushSList
LoadLibraryExW
FreeLibrary
RtlUnwind
Sleep
CreateFileW
ReadFile
RaiseException
InterlockedIncrement
GetFileSize
MoveFileExW
GetWindowsDirectoryW
OutputDebugStringA
VirtualQuery
lstrcmpW
WideCharToMultiByte
EncodePointer
DecodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
SizeofResource
QueryDosDeviceW
GetLogicalDrives
FindFirstFileW
GetFileSizeEx
HeapFree
FindNextFileW
RemoveDirectoryW
FindClose
OpenEventW
GetVersionExW
GetModuleHandleA
GetACP
SetFileAttributesW
CreateToolhelp32Snapshot
ProcessIdToSessionId
GetFileAttributesExW
Process32NextW
LoadLibraryA
lstrcatW
LockResource
lstrcpyA
Process32FirstW
LoadResource
FindResourceW
HeapAlloc
Module32FirstW
GetCurrentDirectoryW
SetFilePointerEx
LocalFree
lstrcpynA
GetProcessHeap
SystemTimeToFileTime
CreateProcessW
CopyFileW
lstrcpyW
Module32NextW
GetTempFileNameW

user32

GetWindowThreadProcessId
IsWindow
GetForegroundWindow

shell32

SHGetSpecialFolderLocation
ord165
SHGetPathFromIDListW
SHGetFolderPathW

ole32

CoCreateGuid
CoTaskMemFree

shlwapi

StrStrIA
StrStrIW
StrStrA
StrStrW
PathFileExistsW
StrCatW
SHCreateStreamOnFileW
PathMatchSpecA
PathAppendW
SHDeleteValueW
wnsprintfW
PathFindFileNameW
SHDeleteKeyW
PathFindExtensionW
wnsprintfA
SHGetValueW
SHGetValueA
StrCmpNIW
PathRemoveFileSpecW
StrChrA
StrChrW
wvnsprintfW
SHSetValueW
StrCmpNIA
wvnsprintfA
StrNCatW
PathIsDirectoryW

ws2_32

inet_addr
gethostbyname
closesocket
ntohl
ntohs
send
connect
WSASocketW
WSACloseEvent
bind
recv
htons

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

dnsapi

DnsFree
DnsQuery_A

nfapi

?nf_deleteRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_tcpClose@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_udpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_tcpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_adjustProcessPriviledges@nfapi@@YAXXZ
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PBDPAVNF_EventHandler@1@@Z
?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z

protocolfilters

?pf_deleteExceptions@ProtocolFilters@@YAXW4_eEXCEPTION_CLASS@1@@Z
?pf_postObject@ProtocolFilters@@YAH_KPAVPFObject@1@@Z
?pf_addFilter@ProtocolFilters@@YAH_KW4_PF_FilterType@1@KW4_PF_OpTarget@1@1@Z
?pf_getNFEventHandler@ProtocolFilters@@YAPAVNF_EventHandler@nfapi@@XZ
?PFObject_create@ProtocolFilters@@YAPAVPFObject@1@HH@Z
?pf_unzipStream@ProtocolFilters@@YAHPAVPFStream@1@@Z
?pf_setRootSSLCertSubject@ProtocolFilters@@YAXPBD@Z
?pf_init@ProtocolFilters@@YAHPAVPFEvents@1@PB_W@Z

advapi32

GetUserNameW
SetSecurityDescriptorDacl
RegEnumValueW
OpenServiceW
CreateProcessAsUserW
RegOpenKeyExW
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
RegSetValueExW
RegEnumKeyExW
ControlService
DeleteService
RegCreateKeyExW
SetEntriesInAclW
AllocateAndInitializeSid
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
SetFileSecurityW
RegCloseKey

Sections

.text
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nftdi32.sys
.sys windows:6 windows x86 arch:x86

76c69bae38bdd5bdc4a08a9bd7c3df11

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:64:26:56:ab:53:7a:4a:db:aa:0e:2d:ff:95:32:0d:15:73:7c:29:77:a2:36:fd:63:93:60:26:e2:7d:0b:56
Signer

Actual PE Digest

af:64:26:56:ab:53:7a:4a:db:aa:0e:2d:ff:95:32:0d:15:73:7c:29:77:a2:36:fd:63:93:60:26:e2:7d:0b:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\projectsj\nfsdk2_1.6\driver_tdi\demo\objfre_wxp_x86\i386\netfilter2.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest
ZwClose
ObfDereferenceObject
ObOpenObjectByPointer
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDetachDevice
IofCallDriver
ProbeForWrite
IoFreeMdl
memcpy
MmBuildMdlForNonPagedPool
IoBuildDeviceIoControlRequest
IoAllocateMdl
RtlDowncaseUnicodeString
PsGetCurrentProcessId
KeWaitForSingleObject
KeInitializeEvent
KeInsertQueueDpc
IoReleaseCancelSpinLock
IoDeleteDevice
IoFreeIrp
MmMapLockedPagesSpecifyCache
IoAllocateIrp
KeInitializeTimer
KeInitializeDpc
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IoGetDeviceObjectPointer
KeSetTimer
MmFreePagesFromMdl
MmUnmapLockedPages
MmAllocatePagesForMdl
ZwQueryValueKey
ZwOpenKey
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
KeTickCount
KeBugCheckEx
_aullrem
ExFreePoolWithTag
memset
ObReferenceObjectByHandle
ExAllocatePoolWithTag
RtlUnwind

hal

KfAcquireSpinLock
KfReleaseSpinLock

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nfwfp32.sys
.sys windows:6 windows x86 arch:x86

a65ef72ae30959ac4919b9570eff3a27

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/01/2024, 20:09

Not After

10/01/2025, 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:9c:21:38:30:2a:1d:d3:71:93:17:ca:1a:d9:3c:d8:79:0d:58:0c:27:d4:7d:d0:0a:57:56:16:b5:22:2d:e1
Signer

Actual PE Digest

2d:9c:21:38:30:2a:1d:d3:71:93:17:ca:1a:d9:3c:d8:79:0d:58:0c:27:d4:7d:d0:0a:57:56:16:b5:22:2d:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\driver_wfp\msvc\Win8ReleaseDemo\Win32\netfilter2.pdb

Imports

fwpkclnt.sys

FwpsFreeNetBufferList0

ndis.sys

NdisGetDataBuffer
NdisAllocateGenericObject
NdisFreeGenericObject
NdisAdvanceNetBufferDataStart
NdisWaitEvent
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisRetreatNetBufferDataStart
NdisInitializeEvent

ntoskrnl.exe

memcpy
memset
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExFreePoolWithTag
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
swprintf_s
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
SeExports
RtlGetVersion
KeQuerySystemTime
_allmul
_aulldiv
_aullrem
RtlValidSid
_stricmp
ZwQuerySystemInformation
RtlUnwind
KeTickCount
KeBugCheckEx
ExUuidCreate
ExAllocatePoolWithTag
RtlCompareMemory
IoAllocateMdl

hal

KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
KeAcquireInStackQueuedSpinLock

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nfwfp64.sys
.sys windows:6 windows x64 arch:x64

bf49958382ca6b93c13a5627ef967bcd

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/01/2024, 20:09

Not After

10/01/2025, 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:3d:55:ca:b7:cf:f7:d0:d1:1f:bf:6c:f4:dd:ce:84:23:c3:e3:04:d7:0f:c0:3f:fd:0b:78:af:29:a5:22:f9
Signer

Actual PE Digest

d4:3d:55:ca:b7:cf:f7:d0:d1:1f:bf:6c:f4:dd:ce:84:23:c3:e3:04:d7:0f:c0:3f:fd:0b:78:af:29:a5:22:f9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\driver_wfp\msvc\Win8ReleaseDemo\x64\netfilter2.pdb

Imports

fwpkclnt.sys

FwpsFreeNetBufferList0

ndis.sys

NdisFreeGenericObject
NdisFreeNetBufferListPool
NdisRetreatNetBufferDataStart
NdisAdvanceNetBufferDataStart
NdisGetDataBuffer
NdisAllocateGenericObject
NdisInitializeEvent
NdisWaitEvent
NdisAllocateNetBufferListPool

ntoskrnl.exe

RtlCompareMemory
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExUuidCreate
swprintf_s
__C_specific_handler
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExFreePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
SeExports
RtlGetVersion
RtlValidSid
_stricmp
ZwQuerySystemInformation
KeBugCheckEx

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 602B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nfwfp64_win7.sys
.sys windows:6 windows x64 arch:x64

bf49958382ca6b93c13a5627ef967bcd

Code Sign

01
Certificate

Issuer

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

Not Before

01/01/1995, 08:00

Not After

31/12/1999, 23:59

Subject

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

e5:13:ac:35:01:71:71:3d:2c:90:db:64:50:d7:7f:8e:56:b5:2a:21
Signer

Actual PE Digest

e5:13:ac:35:01:71:71:3d:2c:90:db:64:50:d7:7f:8e:56:b5:2a:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\driver_wfp\msvc\Win8ReleaseDemo\x64\netfilter2.pdb

Imports

fwpkclnt.sys

FwpsFreeNetBufferList0

ndis.sys

NdisFreeGenericObject
NdisFreeNetBufferListPool
NdisRetreatNetBufferDataStart
NdisAdvanceNetBufferDataStart
NdisGetDataBuffer
NdisAllocateGenericObject
NdisInitializeEvent
NdisWaitEvent
NdisAllocateNetBufferListPool

ntoskrnl.exe

RtlCompareMemory
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExUuidCreate
swprintf_s
__C_specific_handler
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExFreePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
SeExports
RtlGetVersion
RtlValidSid
_stricmp
ZwQuerySystemInformation
KeBugCheckEx

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nnagent32.dll
.dll windows:5 windows x86 arch:x86

543349eff07ec01705b2884cb9d4fdab

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a1:db:4d:c6:c6:72:fe:7a:9c:81:fc:ce:0b:03:32:07:8d:20:03:08:a7:3f:fa:3e:fa:24:97:45:96:ca:8a:c6
Signer

Actual PE Digest

a1:db:4d:c6:c6:72:fe:7a:9c:81:fc:ce:0b:03:32:07:8d:20:03:08:a7:3f:fa:3e:fa:24:97:45:96:ca:8a:c6

Digest Algorithm

sha256

PE Digest Matches

true

39:70:fe:98:60:5f:5a:fa:41:e8:0d:5e:72:bc:b6:ae:20:fa:56:33
Signer

Actual PE Digest

39:70:fe:98:60:5f:5a:fa:41:e8:0d:5e:72:bc:b6:ae:20:fa:56:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\nnagent\Release\nnagent32.pdb

Imports

kernel32

CloseHandle
GetProcAddress
GetLastError
GetModuleFileNameW
lstrcpynW
Sleep
LoadLibraryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetModuleHandleW
DisableThreadLibraryCalls
lstrcmpA
CreateFileA
VirtualQuery
HeapAlloc
GetCurrentProcess
HeapFree
GetTickCount
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
TerminateProcess
ReadFile
CreateFileW
GetACP
MultiByteToWideChar
lstrlenW
SetLastError
EnterCriticalSection
LoadLibraryA
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
GetCurrentProcessId
lstrcpyW
lstrcpyA
CreateThread
GetWindowsDirectoryW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetLocaleInfoA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW

shell32

ShellExecuteA

shlwapi

wvnsprintfW
wnsprintfW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathFindFileNameW
PathAppendW
PathFileExistsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

CreateProcessAsUserW
OpenProcessToken

Exports

Exports

ShowDeviceRegisterPage

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npcap_inst.exe
.exe windows:4 windows x86 arch:x86

16cdca0a54bf8076dc7e57fab55dbc5b

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:33:52:e4:67:8a:3f:cd:44:36:99:0d:5f:46:e6:18:26:d1:1b:68:37:71:35:be:c6:85:e9:f2:6a:58:12:39
Signer

Actual PE Digest

80:33:52:e4:67:8a:3f:cd:44:36:99:0d:5f:46:e6:18:26:d1:1b:68:37:71:35:be:c6:85:e9:f2:6a:58:12:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
GetFullPathNameA
MoveFileA
GetLastError
SetCurrentDirectoryA
GetFileAttributesA
SearchPathA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
CompareFileTime
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetTempPathA
GetWindowsDirectoryA
GetProcAddress
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
MulDiv
LoadLibraryExA
GetModuleHandleA

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SystemParametersInfoA
RegisterClassA
EndDialog
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
SetTimer
OpenClipboard
SetWindowTextA
GetDC
LoadImageA
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
SetClipboardData
EmptyClipboard
DestroyWindow
ExitWindowsEx
SetForegroundWindow
PostQuitMessage
CreateDialogParamA

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

738dc9bb91549f627cf1953c2000e1d6

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:76:e2:23:e1:ed:ec:62:c9:50:78:71:8d:ac:be:b6:44:0c:6f:27:cb:1c:b7:74:f8:f8:fd:7f:d6:c9:8e:e9
Signer

Actual PE Digest

79:76:e2:23:e1:ed:ec:62:c9:50:78:71:8d:ac:be:b6:44:0c:6f:27:cb:1c:b7:74:f8:f8:fd:7f:d6:c9:8e:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
MultiByteToWideChar
SetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
LoadCursorA
GetClientRect
SetWindowRgn
LoadIconA
GetWindowLongA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
EnableMenuItem
DrawTextA
GetSystemMenu
OpenClipboard
LoadImageA

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleSC.dll
.dll windows:4 windows x86 arch:x86

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:d4:87:31:b0:61:ac:c3:c0:e4:d7:82:5a:1d:cf:7b:ff:ef:be:b6:0d:27:13:35:99:e8:08:73:09:d8:93:72
Signer

Actual PE Digest

2a:d4:87:31:b0:61:ac:c3:c0:e4:d7:82:5a:1d:cf:7b:ff:ef:be:b6:0d:27:13:35:99:e8:08:73:09:d8:93:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContinueService
ExistsService
GetErrorMessage
GetServiceBinaryPath
GetServiceDelayedAutoStartInfo
GetServiceDescription
GetServiceDisplayName
GetServiceFailure
GetServiceFailureFlag
GetServiceLogon
GetServiceName
GetServiceStartType
GetServiceStatus
GrantServiceLogonPrivilege
InstallService
PauseService
RemoveService
RemoveServiceLogonPrivilege
RestartService
ServiceIsPaused
ServiceIsRunning
ServiceIsStopped
SetServiceBinaryPath
SetServiceDelayedAutoStartInfo
SetServiceDescription
SetServiceFailure
SetServiceFailureFlag
SetServiceLogon
SetServiceStartType
StartService
StopService

Sections

CODE
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SysRestore.dll
.dll windows:6 windows x86 arch:x86

85e5ccd224baa6cdcd31e3be33a1d2bc

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:6c:36:9c:20:00:fb:a6:94:a3:d8:76:38:34:5d:e6:bc:5a:a3:f2:1e:c4:f8:19:a2:dd:ee:fd:ce:28:1c:c3
Signer

Actual PE Digest

38:6c:36:9c:20:00:fb:a6:94:a3:d8:76:38:34:5d:e6:bc:5a:a3:f2:1e:c4:f8:19:a2:dd:ee:fd:ce:28:1c:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetLastError
SetLastError
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

wsprintfA

Exports

Exports

FinishRestorePoint
RemoveRestorePoint
StartRestorePoint
StartUnRestorePoint

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 938B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:21:79:58:2a:d2:fd:70:ec:a8:a7:c7:8f:49:cc:9b:25:7e:62:da:77:d9:ad:e7:bd:7a:a0:3b:cb:7f:80:9f
Signer

Actual PE Digest

8d:21:79:58:2a:d2:fd:70:ec:a8:a7:c7:8f:49:cc:9b:25:7e:62:da:77:d9:ad:e7:bd:7a:a0:3b:cb:7f:80:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/final.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

8abe046ef411de4d3e6e831b6b1ee264

Code Sign

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/11/2019, 00:00

Not After

05/11/2022, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,POSTALCODE=98104-2205,STREET=113 Cherry St #1337,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:bf:5f:d2:36:3b:47:5b:3a:ce:58:90:e6:4e:cd:27:2b:ad:86:df:1a:59:1e:2c:37:11:61:51:6c:28:64:04
Signer

Actual PE Digest

dd:bf:5f:d2:36:3b:47:5b:3a:ce:58:90:e6:4e:cd:27:2b:ad:86:df:1a:59:1e:2c:37:11:61:51:6c:28:64:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GetExitCodeProcess
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetProcAddress
GetModuleHandleA
lstrcmpiA
lstrlenA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
DeleteFileA
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/options.ini
DiagReport.bat
.bat .vbs
DiagReport.ps1
FixInstall.bat
LICENSE
NpcapHelper.exe
.exe windows:6 windows x86 arch:x86

56a29ee32c45f19895b1e6f87646a0ba

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:64:ca:9d:a5:ab:ef:f1:c6:1f:23:ce:ce:b6:18:b0:1a:31:2a:53:77:49:3e:ec:e2:c3:de:5c:4a:03:49:26
Signer

Actual PE Digest

79:64:ca:9d:a5:ab:ef:f1:c6:1f:23:ce:ce:b6:18:b0:1a:31:2a:53:77:49:3e:ec:e2:c3:de:5c:4a:03:49:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\Release\NpcapHelper.pdb

Imports

kernel32

GetLastError
CreateFileA
CloseHandle
CreateThread
OpenProcess
GetProcessHeap
ConnectNamedPipe
FlushFileBuffers
CreateFileW
DisconnectNamedPipe
DuplicateHandle
TerminateProcess
WriteFile
GetCurrentProcess
HeapFree
CreateNamedPipeA
HeapAlloc
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
CompareStringW
LCMapStringW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
HeapSize
HeapReAlloc
GetConsoleOutputCP
DecodePointer
WriteConsoleW

advapi32

IsValidSid
OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
GetTokenInformation
SetSecurityDescriptorDacl

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Packet.dll
.dll windows:6 windows x86 arch:x86

c32f23f62c3e927bb603b2fec6e876ed

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:11:9e:5a:4c:81:db:77:d5:ca:e0:28:bf:5a:01:a7:7a:12:85:75:5a:89:90:ae:b7:25:e7:91:06:ac:90:6f
Signer

Actual PE Digest

bd:11:9e:5a:4c:81:db:77:d5:ca:e0:28:bf:5a:01:a7:7a:12:85:75:5a:89:90:ae:b7:25:e7:91:06:ac:90:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\Release\Packet.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

inet_pton
InetPtonW

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

kernel32

GlobalReAlloc
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
ReadFile
GetModuleFileNameA
SetNamedPipeHandleState
SetLastError
GetFullPathNameW
WriteFile
DeviceIoControl
GetModuleFileNameW
CreateMutexW
GlobalAlloc
CreateEventW
MultiByteToWideChar
GlobalLock
CreateFileA
SetEvent
QueryPerformanceFrequency
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
FreeLibrary
WideCharToMultiByte
QueryPerformanceCounter
ReleaseMutex
WaitForSingleObject
GlobalHandle
GlobalUnlock
Sleep
GlobalFree
GetConsoleOutputCP
GetConsoleMode
GetProcessHeap
CreateFileW
HeapSize
WriteConsoleW
GetSystemDirectoryW
LCMapStringW
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc

advapi32

QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
ControlService
FreeSid
StartServiceW
CheckTokenMembership
RegOpenKeyExA
OpenServiceA
RegCloseKey
RegEnumKeyW
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExA

shlwapi

PathFileExistsA

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverName
PacketGetDriverVersion
PacketGetMonitorMode
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetTimestampModes
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketIsLoopbackAdapter
PacketIsMonitorModeSupported
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetMonitorMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketSetTimestampMode
PacketStopDriver

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WlanHelper.exe
.exe windows:6 windows x86 arch:x86

f80d7719c04f12a0b7416e5c7e5c32e0

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:76:0c:c0:ac:80:0f:9e:5a:d3:1e:59:bc:bd:b0:8d:46:f8:a6:3e:2c:72:85:37:19:68:73:c6:32:33:03:02
Signer

Actual PE Digest

25:76:0c:c0:ac:80:0f:9e:5a:d3:1e:59:bc:bd:b0:8d:46:f8:a6:3e:2c:72:85:37:19:68:73:c6:32:33:03:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\Release\WlanHelper.pdb

Imports

rpcrt4

RpcStringFreeW
UuidToStringW

wlanapi

WlanFreeMemory
WlanEnumInterfaces
WlanQueryInterface
WlanOpenHandle
WlanSetInterface
WlanCloseHandle

kernel32

GetStdHandle
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GlobalHandle
FormatMessageW
GetLastError
GlobalAlloc
GlobalFree
LoadLibraryW
GetProcAddress
GlobalLock
LocalFree
FreeLibrary
WideCharToMultiByte
GlobalUnlock
UnhandledExceptionFilter
ReadConsoleW
SetConsoleTitleW
IsProcessorFeaturePresent
IsDebuggerPresent

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

__current_exception
__current_exception_context
_except_handler4_common
__std_exception_copy
__std_exception_destroy
memcpy
_CxxThrowException
__CxxFrameHandler3
memset
memmove

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf_s
__acrt_iob_func
_pclose
__stdio_common_vswprintf_s
feof
fgetws
_wpopen
__p__commode
__stdio_common_vfwprintf
__stdio_common_vswscanf
_putws

api-ms-win-crt-convert-l1-1-0

_wtoi
_itow_s

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
_set_app_type
__p___argc
_controlfp_s
_c_exit
_register_thread_local_exe_atexit_callback
_wsystem
_cexit
terminate
__p___wargv

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npcap.cat
npcap.inf
npcap.sys
.sys windows:10 windows x86 arch:x86

ad78d21533b3b7883dfc743e073ef782

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3a:6a:e3:33:70:8f:da:7a:7b:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:31

Not After

05/03/2021, 17:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:dd:7b:72:24:ec:c0:8d:43:fd:b3:1d:9c:4d:f9:e0:88:d8:92:83:01:dc:8b:89:29:81:77:4a:94:81:8a:ea
Signer

Actual PE Digest

f6:dd:7b:72:24:ec:c0:8d:43:fd:b3:1d:9c:4d:f9:e0:88:d8:92:83:01:dc:8b:89:29:81:77:4a:94:81:8a:ea

Digest Algorithm

sha256

PE Digest Matches

true

f6:dd:7b:72:24:ec:c0:8d:43:fd:b3:1d:9c:4d:f9:e0:88:d8:92:83:01:dc:8b:89:29:81:77:4a:94:81:8a:ea
Signer

Actual PE Digest

f6:dd:7b:72:24:ec:c0:8d:43:fd:b3:1d:9c:4d:f9:e0:88:d8:92:83:01:dc:8b:89:29:81:77:4a:94:81:8a:ea

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\Win10 Release\npcap.pdb

Imports

ntoskrnl.exe

RtlSetDaclSecurityDescriptor
memcpy
IoDeviceObjectType
ZwSetValueKey
ZwCreateKey
RtlFreeUnicodeString
ZwSetSecurityObject
RtlUnwind
_allmul
MmBuildMdlForNonPagedPool
ExfInterlockedInsertTailList
KeClearEvent
ExfInterlockedRemoveHeadList
ExfInterlockedInsertHeadList
ZwOpenKey
InterlockedPopEntrySList
KeResetEvent
ZwClose
IoCreateSymbolicLink
ExEventObjectType
ExInitializeLookasideListEx
KeQuerySystemTime
IoIsWdmVersionAvailable
MmGetSystemRoutineAddress
RtlGetVersion
ObReferenceObjectByHandle
IoDeleteSymbolicLink
RtlCopyUnicodeString
IoDeleteDevice
RtlInitUnicodeString
RtlCheckRegistryKey
RtlAppendUnicodeStringToString
ExDeleteLookasideListEx
KeDelayExecutionThread
RtlCompareMemory
InterlockedPushEntrySList
IofCompleteRequest
ExFreePoolWithTag
KefAcquireSpinLockAtDpcLevel
ExAllocatePoolWithTag
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
ObfDereferenceObject
RtlAppendUnicodeToString
IoGetRequestorProcessId
RtlLengthSid
RtlAddAccessAllowedAce
RtlAbsoluteToSelfRelativeSD
wcschr
_wcsnicmp
RtlCreateSecurityDescriptor
SeExports
RtlLengthSecurityDescriptor
_snwprintf
SeCaptureSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
ObOpenObjectByPointer
ZwQueryValueKey
IoCreateDevice
KeWaitForSingleObject
KeInitializeEvent
IoAllocateIrp
IoFreeIrp
KeSetEvent
MmProbeAndLockPages
MmUnlockPages
memset
MmMapLockedPagesSpecifyCache
_alldiv
_allrem

ndis.sys

NdisInitializeEvent
NdisFreeNetBufferList
NdisRetreatNetBufferListDataStart
NdisFreeMdl
NdisAllocateMdl
NdisFSendNetBufferListsComplete
NdisFIndicateReceiveNetBufferLists
NdisFSendNetBufferLists
NdisFDeregisterFilterDriver
NdisFRegisterFilterDriver
NdisFIndicateStatus
NdisReleaseRWLock
NdisFreeNetBufferListPool
NdisAcquireRWLockRead
NdisAcquireRWLockWrite
NdisSetEvent
NdisWaitEvent
NdisFCancelOidRequest
NdisFOidRequest
NdisFreeRWLock
NdisFOidRequestComplete
NdisAdvanceNetBufferListDataStart
NdisFCancelSendNetBufferLists
NdisFDevicePnPEventNotify
NdisResetEvent
NdisAllocateNetBufferListPool
NdisAllocateCloneOidRequest
NdisFNetPnPEvent
NdisAllocateRWLock
NdisFReturnNetBufferLists
NdisFSetAttributes
NdisFreeCloneOidRequest
NdisFreeNetBuffer
NdisAllocateMemoryWithTagPriority
NdisFreeMemory
NdisAllocateNetBuffer
NdisGetDataBuffer
NdisAllocateNetBufferAndNetBufferList

fwpkclnt.sys

FwpsAllocateCloneNetBufferList0
FwpmEngineClose0
FwpmFilterAdd0
FwpmCalloutAdd0
FwpsFreeCloneNetBufferList0
FwpsCalloutRegister2
FwpmTransactionAbort0
FwpmTransactionBegin0
FwpsInjectionHandleCreate0
FwpmEngineOpen0
FwpsInjectNetworkSendAsync0
FwpsInjectionHandleDestroy0
FwpmSubLayerAdd0
FwpmTransactionCommit0
FwpsQueryPacketInjectionState0
FwpsCalloutUnregisterById0

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

hal

KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wpcap.dll
.dll windows:6 windows x86 arch:x86

0eea9165117f4b0b41ada88aaa4d34ad

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

07/05/2021, 12:00

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:31:ad:38:ad:de:88:9e:db:45:85:ac:df:86:32:40:f0:69:a2:da:c5:1f:3f:9d:83:77:80:6d:7f:3f:11:ad
Signer

Actual PE Digest

5a:31:ad:38:ad:de:88:9e:db:45:85:ac:df:86:32:40:f0:69:a2:da:c5:1f:3f:9d:83:77:80:6d:7f:3f:11:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\nmap\Source\Repos\npcap\wpcap\build-win32\run\Release\wpcap.pdb

Imports

packet

PacketSetMinToCopy
PacketCloseAdapter
PacketIsDumpEnded
PacketSetDumpLimits
PacketSetDumpName
PacketGetReadEvent
PacketRequest
PacketGetNetInfoEx
PacketGetAdapterNames
PacketSetHwFilter
PacketReceivePacket
PacketInitPacket
PacketSendPackets
PacketSendPacket
PacketOpenAdapter
PacketGetMonitorMode
PacketSetMonitorMode
PacketIsMonitorModeSupported
PacketIsLoopbackAdapter
PacketGetNetType
PacketSetBuff
PacketGetStatsEx
PacketGetStats
PacketSetLoopbackBehavior
PacketSetBpf
PacketSetReadTimeout
PacketSetMode
PacketGetVersion

ws2_32

ntohl
socket
shutdown
send
recv
listen
connect
bind
getnameinfo
getaddrinfo
setsockopt
select
getsockopt
getsockname
getpeername
closesocket
accept
WSACleanup
WSAStartup
WSAGetLastError
WSASetLastError
getprotobyname
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htons
freeaddrinfo
htonl
ntohs

kernel32

GetCurrentProcess
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
ReadConsoleW
GetConsoleMode
WriteFile
SetFilePointerEx
GetStdHandle
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
ReadFile
GetFileType
SetStdHandle
CloseHandle
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
FormatMessageA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetVersion
FindClose
FindFirstFileA
FindNextFileA
InterlockedFlushSList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
eproto_db
pcap_activate
pcap_breakloop
pcap_bufsize
pcap_can_set_rfmon
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_create
pcap_createsrcstr
pcap_datalink
pcap_datalink_ext
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_description_or_dlt
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_ftell64
pcap_dump_hopen
pcap_dump_open
pcap_dump_open_append
pcap_ether_aton
pcap_ether_hostton
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_free_datalinks
pcap_free_tstamp_types
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_get_tstamp_precision
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_hopen_offline
pcap_hopen_offline_with_tstamp_precision
pcap_inject
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_list_tstamp_types
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_nametoaddr
pcap_nametoaddrinfo
pcap_nametoeproto
pcap_nametollc
pcap_nametonetaddr
pcap_nametoport
pcap_nametoportrange
pcap_nametoproto
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_oid_get_request
pcap_oid_set_request
pcap_open
pcap_open_dead
pcap_open_dead_with_tstamp_precision
pcap_open_live
pcap_open_offline
pcap_open_offline_with_tstamp_precision
pcap_parsesrcstr
pcap_perror
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_buffer_size
pcap_set_datalink
pcap_set_immediate_mode
pcap_set_promisc
pcap_set_rfmon
pcap_set_snaplen
pcap_set_timeout
pcap_set_tstamp_precision
pcap_set_tstamp_type
pcap_setbuff
pcap_setdirection
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_statustostr
pcap_strerror
pcap_tstamp_type_name_to_val
pcap_tstamp_type_val_to_description
pcap_tstamp_type_val_to_name
pcap_version
pcap_wsockinit

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
odipus32.dll
.dll windows:5 windows x86 arch:x86

5ed426d4b20b5aa1f88de17e82ce524b

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:11:d8:38:73:29:b5:f1:b6:05:58:a5:1a:62:bc:ee:a5:6c:19:93:c3:63:2a:e3:f6:5b:7c:d3:3c:4d:ed:be
Signer

Actual PE Digest

40:11:d8:38:73:29:b5:f1:b6:05:58:a5:1a:62:bc:ee:a5:6c:19:93:c3:63:2a:e3:f6:5b:7c:d3:3c:4d:ed:be

Digest Algorithm

sha256

PE Digest Matches

true

58:3a:55:5d:3d:5c:b3:5b:2e:17:a7:a9:c1:b6:54:7f:bc:b1:3e:15
Signer

Actual PE Digest

58:3a:55:5d:3d:5c:b3:5b:2e:17:a7:a9:c1:b6:54:7f:bc:b1:3e:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\odipus\Release\odipus32.pdb

Imports

kernel32

FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateEventW
GetExitCodeThread
SetEvent
SystemTimeToFileTime
SetLocalTime
lstrlenA
CreateThread
GetComputerNameW
DisableThreadLibraryCalls
lstrcmpA
GetVersionExW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetLocalTime
SetLastError
GetLastError
GetTempPathW
GetExitCodeProcess
OutputDebugStringW
GetLogicalDrives
WaitForSingleObject
GetDriveTypeW
Sleep
lstrcmpiW
DeleteFileW
SetFilePointer
lstrcpyA
lstrcpyW
LocalFree
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
DeviceIoControl
ProcessIdToSessionId
Process32FirstW
CloseHandle
CreateFileW
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTempFileNameW
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetDriveTypeA
InitializeCriticalSection
OpenProcess
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
lstrlenW
WriteConsoleW

user32

SendMessageTimeoutW
CloseWindow
GetForegroundWindow
GetWindowTextW
PostMessageW
FindWindowW
GetClassNameW
IsWindow

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

VariantInit
VariantClear
SysFreeString

iphlpapi

GetAdaptersInfo

oleacc

AccessibleObjectFromWindow
GetStateTextA
AccessibleChildren
GetRoleTextW

netapi32

NetUserSetInfo
NetUserEnum
NetApiBufferFree

shlwapi

StrCatW
wvnsprintfA
wnsprintfA
StrChrA
SHSetValueW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrW
StrStrIW
SHDeleteKeyW
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW
StrChrW
wnsprintfW
SHGetValueW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

GetUserNameW
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
ControlService

shell32

ord165

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
odipus64.dll
.dll windows:5 windows x64 arch:x64

30c2f15858daa0e4e286678bbd6f0821

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:de:f1:72:21:d4:1d:2a:46:b1:12:ca:37:e0:53:d7:15:0e:34:78:2a:b2:94:4e:60:17:d7:14:27:a6:98:0d
Signer

Actual PE Digest

8d:de:f1:72:21:d4:1d:2a:46:b1:12:ca:37:e0:53:d7:15:0e:34:78:2a:b2:94:4e:60:17:d7:14:27:a6:98:0d

Digest Algorithm

sha256

PE Digest Matches

true

ee:f7:e5:92:d6:40:5c:2b:8d:1e:fd:fd:13:73:eb:e3:f4:19:63:cd
Signer

Actual PE Digest

ee:f7:e5:92:d6:40:5c:2b:8d:1e:fd:fd:13:73:eb:e3:f4:19:63:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\odipus\Release\odipus64.pdb

Imports

kernel32

SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteConsoleA
GetConsoleOutputCP
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateEventW
GetExitCodeThread
SetEvent
SystemTimeToFileTime
SetLocalTime
lstrlenA
CreateThread
GetComputerNameW
DisableThreadLibraryCalls
lstrcmpA
GetVersionExW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetLocalTime
SetLastError
GetLastError
GetTempPathW
GetExitCodeProcess
OutputDebugStringW
GetLogicalDrives
WaitForSingleObject
GetDriveTypeW
Sleep
lstrcmpiW
DeleteFileW
SetFilePointer
lstrcpyA
lstrcpyW
LocalFree
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
DeviceIoControl
ProcessIdToSessionId
Process32FirstW
CloseHandle
CreateFileW
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
GetModuleHandleW
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTempFileNameW
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetDriveTypeA
InitializeCriticalSection
OpenProcess
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
lstrlenW
WriteConsoleW

user32

SendMessageTimeoutW
GetForegroundWindow
GetWindowTextW
PostMessageW
FindWindowW
GetClassNameW
IsWindow
CloseWindow

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

VariantInit
VariantClear
SysFreeString

iphlpapi

GetAdaptersInfo

oleacc

AccessibleObjectFromWindow
GetStateTextA
AccessibleChildren
GetRoleTextW

netapi32

NetUserSetInfo
NetUserEnum
NetApiBufferFree

shlwapi

StrCatW
wvnsprintfA
wnsprintfA
StrChrA
SHSetValueW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrW
StrStrIW
SHDeleteKeyW
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW
StrChrW
SHGetValueW
wnsprintfW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

GetUserNameW
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
ControlService

shell32

ord165

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
patch32.dll
.dll windows:5 windows x86 arch:x86

efa114d0f32f7936fe8ae8498511d936

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:ad:5f:a5:09:60:bc:a3:ad:95:bf:6f:7a:a7:8c:cc:93:da:05:87:dc:57:a2:e7:20:3e:35:89:7c:26:e5:47
Signer

Actual PE Digest

3b:ad:5f:a5:09:60:bc:a3:ad:95:bf:6f:7a:a7:8c:cc:93:da:05:87:dc:57:a2:e7:20:3e:35:89:7c:26:e5:47

Digest Algorithm

sha256

PE Digest Matches

true

40:30:ac:b5:80:42:62:1e:dd:22:a5:85:bb:db:94:7e:39:ff:74:82
Signer

Actual PE Digest

40:30:ac:b5:80:42:62:1e:dd:22:a5:85:bb:db:94:7e:39:ff:74:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\patch\Release\patch32.pdb

Imports

kernel32

GetModuleFileNameW
MultiByteToWideChar
RaiseException
VerifyVersionInfoW
GetProcAddress
FindClose
GetLocalTime
LockResource
GetModuleHandleA
FindNextFileW
SetFileAttributesW
ExpandEnvironmentStringsW
GetSystemDirectoryW
lstrcpynW
lstrcatW
GetWindowsDirectoryW
lstrcpynA
OutputDebugStringW
lstrcmpiW
GetFileAttributesExW
lstrcpyW
GetVersionExW
SizeofResource
LoadLibraryW
WideCharToMultiByte
GetCurrentProcess
VerSetConditionMask
LoadResource
FindResourceW
FindResourceExW
GetSystemDefaultUILanguage
FindFirstFileW
InterlockedDecrement
LocalFree
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
lstrlenW
WriteFile
DisableThreadLibraryCalls
lstrlenA
lstrcmpA
CreateThread
GetCurrentProcessId
DeleteFileW
CloseHandle
DeleteCriticalSection
CreateEventW
EnterCriticalSection
GetLastError
GetTempPathW
CreateFileW
ReadFile
GetFileAttributesW
GetExitCodeProcess
LeaveCriticalSection
Sleep
InitializeCriticalSection
GetTickCount
SetEvent
MoveFileExW
lstrcpyA
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
Module32FirstW
RemoveDirectoryW
GetCurrentDirectoryW
lstrcmpW
VirtualQuery
GetTempFileNameW
GetProcessHeap
SetEndOfFile
CreateFileA
GetLocaleInfoW
LoadLibraryA
SetStdHandle
WaitForSingleObject
SetFilePointer
GetFileSize
InterlockedIncrement
InterlockedExchange
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

advapi32

GetUserNameW
RegEnumValueW
RegQueryValueExW
RegEnumKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SafeArrayGetUBound
SysAllocString
SafeArrayGetLBound
VariantClear
SafeArrayDestroy
VariantInit
VariantChangeType
SafeArrayGetElement
SysFreeString

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

shlwapi

StrRChrW
StrCatW
wvnsprintfA
wnsprintfA
StrChrA
StrChrW
wvnsprintfW
PathRemoveExtensionW
PathFindFileNameA
StrNCatW
PathStripToRootW
PathAddBackslashW
SHSetValueW
SHGetValueW
SHEnumValueW
PathRemoveFileSpecW
PathIsDirectoryW
SHEnumKeyExW
StrCatBuffW
StrStrIW
PathFindFileNameW
PathAppendW
wnsprintfW
PathFileExistsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

GetPatchInfos
GetUninstalledPatchDescJson

Sections

.text
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
patch64.dll
.dll windows:5 windows x64 arch:x64

d670fff5a8f3446183db90db22cb773f

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:b6:f7:70:ef:d4:a4:71:bf:39:cb:a9:58:a0:1c:28:db:56:5b:f4:1e:de:53:0b:9b:e4:08:98:d1:81:11:97
Signer

Actual PE Digest

03:b6:f7:70:ef:d4:a4:71:bf:39:cb:a9:58:a0:1c:28:db:56:5b:f4:1e:de:53:0b:9b:e4:08:98:d1:81:11:97

Digest Algorithm

sha256

PE Digest Matches

true

8e:e1:84:9a:a2:9c:fa:07:11:50:5d:16:e2:fe:29:e8:75:ae:fd:8e
Signer

Actual PE Digest

8e:e1:84:9a:a2:9c:fa:07:11:50:5d:16:e2:fe:29:e8:75:ae:fd:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\patch\Release\patch64.pdb

Imports

kernel32

MultiByteToWideChar
RaiseException
VerifyVersionInfoW
GetProcAddress
FindClose
GetLocalTime
LockResource
GetModuleHandleA
FindNextFileW
SetFileAttributesW
ExpandEnvironmentStringsW
GetSystemDirectoryW
lstrcpynW
lstrcatW
GetWindowsDirectoryW
lstrcpynA
OutputDebugStringW
lstrcmpiW
GetFileAttributesExW
lstrcpyW
GetModuleFileNameW
GetVersionExW
SizeofResource
LoadLibraryW
WideCharToMultiByte
GetCurrentProcess
VerSetConditionMask
LoadResource
FindResourceW
FindResourceExW
GetSystemDefaultUILanguage
FindFirstFileW
LocalFree
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
lstrlenW
WriteFile
DisableThreadLibraryCalls
lstrlenA
lstrcmpA
CreateThread
GetCurrentProcessId
DeleteFileW
CloseHandle
DeleteCriticalSection
CreateEventW
EnterCriticalSection
GetLastError
GetTempPathW
CreateFileW
ReadFile
GetFileAttributesW
GetExitCodeProcess
LeaveCriticalSection
Sleep
InitializeCriticalSection
GetTickCount
SetEvent
MoveFileExW
lstrcpyA
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
Module32FirstW
RemoveDirectoryW
GetCurrentDirectoryW
lstrcmpW
VirtualQuery
GetTempFileNameW
GetProcessHeap
SetEndOfFile
CreateFileA
GetLocaleInfoW
LoadLibraryA
SetStdHandle
WaitForSingleObject
SetFilePointer
GetFileSize
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetModuleHandleW
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

advapi32

GetUserNameW
RegEnumValueW
RegQueryValueExW
RegEnumKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SafeArrayGetUBound
SysAllocString
SafeArrayGetLBound
VariantClear
SafeArrayDestroy
VariantInit
VariantChangeType
SafeArrayGetElement
SysFreeString

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

shlwapi

StrRChrW
StrCatW
wvnsprintfA
wnsprintfA
StrChrA
StrChrW
wvnsprintfW
PathRemoveExtensionW
PathFindFileNameA
StrNCatW
PathStripToRootW
PathAddBackslashW
SHSetValueW
SHGetValueW
SHEnumValueW
PathRemoveFileSpecW
PathIsDirectoryW
SHEnumKeyExW
StrCatBuffW
StrStrIW
PathFindFileNameW
PathAppendW
wnsprintfW
PathFileExistsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

GetPatchInfos
GetUninstalledPatchDescJson

Sections

.text
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pobus32.exe
.exe windows:5 windows x86 arch:x86

6c34ba3604ed125364fad455e6422283

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:76:fa:b2:af:b3:f6:3f:f7:54:e4:97:03:b7:b6:33:05:b7:50:65:3d:4f:e0:f5:92:82:82:06:24:92:d3:14
Signer

Actual PE Digest

de:76:fa:b2:af:b3:f6:3f:f7:54:e4:97:03:b7:b6:33:05:b7:50:65:3d:4f:e0:f5:92:82:82:06:24:92:d3:14

Digest Algorithm

sha256

PE Digest Matches

true

30:ad:b4:dc:8f:05:78:6c:a5:d0:8c:fe:5c:d8:bc:18:61:39:00:1d
Signer

Actual PE Digest

30:ad:b4:dc:8f:05:78:6c:a5:d0:8c:fe:5c:d8:bc:18:61:39:00:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\pohost\Release\pobus32.pdb

Imports

kernel32

WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentThread
CreateThread
OutputDebugStringA
SetLastError
GetFileAttributesExW
ResetEvent
GetTickCount
LocalFree
SetProcessShutdownParameters
LocalAlloc
OutputDebugStringW
MoveFileExW
lstrcpynA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitThread
PeekNamedPipe
GetFileInformationByHandle
SetStdHandle
GetTempPathW
GetModuleFileNameW
CreateEventA
CopyFileW
lstrcmpA
ExitProcess
lstrcpyA
GetVolumeInformationW
SetFileAttributesW
GetWindowsDirectoryW
GetProcAddress
GetLastError
CreateFileW
ReadFile
GetFileAttributesW
LoadLibraryW
WriteFile
GetModuleHandleW
lstrlenA
lstrcpyW
lstrcatW
GetProcessId
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
GetVersionExW
OpenProcess
DeleteFileW
CloseHandle
lstrcmpiW
CreateEventW
MoveFileW
lstrcmpiA
Sleep
PostQueuedCompletionStatus
CreateSemaphoreA
CreateIoCompletionPort
GetQueuedCompletionStatus
ReleaseSemaphore
QueryPerformanceFrequency
GetSystemDirectoryA
GetSystemInfo
CreateFileMappingA
FormatMessageA
LoadLibraryExA
LoadLibraryExW
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
SetFilePointer
InitializeCriticalSection
SetEvent
WaitForSingleObject
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
HeapSize
DeleteCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTempFileNameW
CreateFileA
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
SetEndOfFile
CreateProcessW
GlobalSize
GlobalLock
GetLogicalDrives
GetProcessHeap
IsBadReadPtr
GetDriveTypeA
FileTimeToSystemTime
lstrcmpW
lstrlenW
GetFileSizeEx
GetCurrentDirectoryW
FindClose
GetLocalTime
Process32FirstW
ProcessIdToSessionId
CreateFileMappingW
RemoveDirectoryW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
OpenEventW
Module32NextW
FileTimeToLocalFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetFileSize

user32

GetSystemMetrics
wsprintfA
wsprintfW

advapi32

RegCloseKey
GetTokenInformation
CreateServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceCtrlDispatcherW
DeleteService
RegSetValueExA
RegCreateKeyExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetTokenInformation
SetSecurityDescriptorDacl
RegCreateKeyExA
LookupPrivilegeValueW
StartServiceW
DuplicateTokenEx
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegSetKeySecurity
ControlService
AdjustTokenPrivileges
RegSetValueExW
GetUserNameW
CryptGenRandom
CryptAcquireContextA
OpenServiceW
QueryServiceConfigW
RegNotifyChangeKeyValue
RegOpenKeyExW
SetServiceStatus
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceConfig2W
RegisterServiceCtrlHandlerExW
OpenProcessToken

shell32

SHGetSpecialFolderLocation
ord165
SHGetPathFromIDListW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

shlwapi

wnsprintfW
StrStrIA
StrStrIW
PathFileExistsW
StrNCatA
StrNCatW
SHDeleteValueW
SHDeleteKeyW
PathQuoteSpacesW
PathFindFileNameW
PathAppendW
PathFindExtensionW
PathMatchSpecW
PathRemoveExtensionW
wvnsprintfW
PathIsDirectoryW
SHGetValueA
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
SHDeleteValueA
PathFileExistsA
SHCreateStreamOnFileW
StrRChrW
StrCatBuffW

version

VerQueryValueW
GetFileVersionInfoW

ws2_32

setsockopt
bind
closesocket
socket
select
htons
WSAGetLastError
connect
WSAIoctl
recvfrom
WSAStartup
shutdown
getnameinfo
WSASetLastError
getsockopt
listen
send
recv
ioctlsocket
WSASend
WSARecv
ntohl
ntohs
getservbyname
getprotobynumber
freeaddrinfo
getaddrinfo
accept
getsockname
htonl
getpeername
WSAGetOverlappedResult

psapi

GetProcessImageFileNameW

ole32

GetHGlobalFromStream
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantChangeType
VariantClear

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

A0746EA1
A0746EA2
A0746EA3
A0E6108C
A0bE45C8
A24F1852
A86B40F2
AF30E1CF
B30715A7
B30715A8
B30715A9
BAC55B0A
C1FB4838
C3206E88
CA68EAC2
CC35024C
D1B7856C
E1034A78
E2FE52CB
E43697C5
E7248970
E7248971
E7248972
E7248973
E7248974
E7248975
E7248976
E7248977
F247DB7F
F3814E8B
FB7C34E6

Sections

.text
Size: 525KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pobus64.exe
.exe windows:5 windows x64 arch:x64

5470786ec23024288e11369382a00236

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:f3:ba:67:b0:01:8a:89:3c:f8:e8:c8:c5:ed:c7:a0:04:59:1b:45:07:2e:27:fb:4f:dc:ac:09:60:94:26:a4
Signer

Actual PE Digest

96:f3:ba:67:b0:01:8a:89:3c:f8:e8:c8:c5:ed:c7:a0:04:59:1b:45:07:2e:27:fb:4f:dc:ac:09:60:94:26:a4

Digest Algorithm

sha256

PE Digest Matches

true

92:bf:64:35:36:0e:94:b5:7f:59:0d:d4:e5:55:ce:65:d4:ec:6f:53
Signer

Actual PE Digest

92:bf:64:35:36:0e:94:b5:7f:59:0d:d4:e5:55:ce:65:d4:ec:6f:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\pohost\Release\pobus64.pdb

Imports

kernel32

WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateThread
OutputDebugStringA
SetLastError
GetFileAttributesExW
ResetEvent
GetTickCount
LocalFree
SetProcessShutdownParameters
LocalAlloc
OutputDebugStringW
MoveFileExW
lstrcpynA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ResumeThread
ExitThread
PeekNamedPipe
GetFileInformationByHandle
SetStdHandle
GetTempPathW
GetModuleFileNameW
CreateEventA
CopyFileW
lstrcmpA
ExitProcess
lstrcpyA
GetVolumeInformationW
SetFileAttributesW
GetWindowsDirectoryW
GetProcAddress
GetLastError
CreateFileW
ReadFile
GetFileAttributesW
LoadLibraryW
WriteFile
GetModuleHandleW
lstrlenA
lstrcpyW
lstrcatW
GetProcessId
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
GetVersionExW
OpenProcess
DeleteFileW
CloseHandle
lstrcmpiW
CreateEventW
MoveFileW
lstrcmpiA
Sleep
PostQueuedCompletionStatus
CreateSemaphoreA
CreateIoCompletionPort
GetQueuedCompletionStatus
ReleaseSemaphore
QueryPerformanceFrequency
GetSystemDirectoryA
GetSystemInfo
CreateFileMappingA
FormatMessageA
SetFilePointer
GetFileSize
GetDiskFreeSpaceExW
GetDriveTypeW
FileTimeToLocalFileTime
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
InitializeCriticalSection
SetEvent
WaitForSingleObject
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
FlsAlloc
GetStdHandle
GetModuleFileNameA
HeapSize
DeleteCriticalSection
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLocaleInfoA
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTempFileNameW
CreateFileA
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
SetEndOfFile
CreateProcessW
GlobalSize
GlobalLock
GetLogicalDrives
GetProcessHeap
IsBadReadPtr
GetDriveTypeA
FileTimeToSystemTime
lstrcmpW
lstrlenW
GetFileSizeEx
GetCurrentDirectoryW
FindClose
GetLocalTime
Process32FirstW
ProcessIdToSessionId
CreateFileMappingW
RemoveDirectoryW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
GetModuleHandleA
FindNextFileW

user32

wsprintfW
GetSystemMetrics
wsprintfA

advapi32

GetTokenInformation
CreateServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceCtrlDispatcherW
DeleteService
RegSetValueExA
RegCreateKeyExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetTokenInformation
SetSecurityDescriptorDacl
RegCreateKeyExA
LookupPrivilegeValueW
StartServiceW
DuplicateTokenEx
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegSetKeySecurity
ControlService
AdjustTokenPrivileges
RegSetValueExW
GetUserNameW
CryptGenRandom
CryptAcquireContextA
OpenServiceW
RegCloseKey
QueryServiceConfigW
RegNotifyChangeKeyValue
RegOpenKeyExW
SetServiceStatus
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceConfig2W
RegisterServiceCtrlHandlerExW
OpenProcessToken

shell32

SHGetPathFromIDListW
ord165
SHGetSpecialFolderLocation

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

shlwapi

wnsprintfW
StrStrIA
StrStrIW
PathFileExistsW
StrNCatW
SHDeleteValueW
SHDeleteKeyW
PathQuoteSpacesW
PathFindFileNameW
PathAppendW
PathFindExtensionW
PathMatchSpecW
PathRemoveExtensionW
wvnsprintfW
PathIsDirectoryW
SHGetValueA
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
SHDeleteValueA
PathFileExistsA
SHCreateStreamOnFileW
StrRChrW
StrNCatA
StrCatBuffW

version

VerQueryValueW
GetFileVersionInfoW

ws2_32

bind
recvfrom
closesocket
socket
setsockopt
htons
WSAGetLastError
connect
WSAIoctl
WSAStartup
shutdown
getnameinfo
WSASetLastError
getsockopt
listen
send
recv
ioctlsocket
WSASend
WSARecv
ntohl
ntohs
getservbyname
getprotobynumber
freeaddrinfo
getaddrinfo
accept
getsockname
htonl
getpeername
select
WSAGetOverlappedResult

psapi

GetProcessImageFileNameW

ole32

GetHGlobalFromStream
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantChangeType
VariantInit

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

A0746EA1
A0746EA2
A0746EA3
A0E6108C
A0bE45C8
A24F1852
A86B40F2
AF30E1CF
B30715A7
B30715A8
B30715A9
BAC55B0A
C1FB4838
C3206E88
CA68EAC2
CC35024C
D1B7856C
E1034A78
E2FE52CB
E43697C5
E7248970
E7248971
E7248972
E7248973
E7248974
E7248975
E7248976
E7248977
F247DB7F
F3814E8B
FB7C34E6

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poda32.exe
.exe windows:5 windows x86 arch:x86

08469ec67f817f7166fe925d0b3376cf

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:5e:b9:2d:62:e1:4a:b7:c3:47:88:90:fc:88:be:7d:19:33:d5:64:b8:a2:a9:38:62:9d:7f:69:18:da:7f:04
Signer

Actual PE Digest

88:5e:b9:2d:62:e1:4a:b7:c3:47:88:90:fc:88:be:7d:19:33:d5:64:b8:a2:a9:38:62:9d:7f:69:18:da:7f:04

Digest Algorithm

sha256

PE Digest Matches

true

7c:9f:40:25:40:7c:ca:d4:a8:42:79:7f:3b:2f:c2:d1:f9:7f:57:0e
Signer

Actual PE Digest

7c:9f:40:25:40:7c:ca:d4:a8:42:79:7f:3b:2f:c2:d1:f9:7f:57:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\poagent\Release\poda32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcpyA
CreateThread
lstrlenW
GetCurrentThread
lstrcpynA
lstrcpyW
DeleteFileW
SetProcessShutdownParameters
lstrcatW
OpenEventA
GetLastError
GetTempPathW
CreateEventA
WaitForSingleObject
lstrcpynW
LoadLibraryExA
LoadLibraryExW
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
SetFilePointer
OutputDebugStringW
GetFileSize
GetWindowsDirectoryW
SetFileAttributesW
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
CloseHandle
Sleep
lstrcmpA
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
FindClose
lstrcmpiA
GetCurrentDirectoryW
GetFileSizeEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapFree
HeapAlloc
HeapSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEvent
GetLocalTime
CreateEventW
GetFileAttributesExW
lstrcmpiW
GetModuleHandleA
CreateFileA
FindFirstFileW
lstrlenA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateProcessW
GlobalSize
GlobalLock
GetProcessHeap
IsBadReadPtr
InitializeCriticalSection
OpenProcess
LoadLibraryW
CopyFileW
GetFileAttributesW
ReadFile
CreateFileW
lstrcmpW

user32

wsprintfW
GetMessageW
TranslateMessage
RegisterClassExW
IsWindow
CreateWindowExW
DispatchMessageA
MessageBoxW
UpdateWindow
RegisterHotKey
DefWindowProcW

gdi32

GetStockObject

advapi32

CreateProcessAsUserW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
RegCreateKeyExW
LookupPrivilegeValueW
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
GetUserNameW
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf

shell32

SHGetDesktopFolder
SHGetSpecialFolderPathW
SHOpenFolderAndSelectItems
ord165

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
GetHGlobalFromStream
CoInitialize

wtsapi32

WTSQueryUserToken

secur32

GetUserNameExW

shlwapi

PathFileExistsW
StrChrW
StrStrIW
PathAddBackslashW
SHGetValueW
SHDeleteKeyW
PathRemoveFileSpecW
StrCatBuffW
wnsprintfW
SHDeleteValueW
PathIsDirectoryW
StrNCatW
PathAppendW
PathQuoteSpacesW
wnsprintfA
wvnsprintfW
PathFindFileNameW
wvnsprintfA
StrStrIA
PathRemoveExtensionW
PathFindExtensionW
SHGetValueA
SHCreateStreamOnFileW
PathFileExistsA
StrNCatA
StrRChrW
StrChrA
SHSetValueW

version

VerQueryValueW
GetFileVersionInfoW

ws2_32

htons
bind
WSAGetLastError
socket
WSAStartup
recvfrom

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

libcurl32

curl_easy_init
curl_slist_append
curl_free
curl_easy_setopt
curl_easy_perform
curl_easy_strerror
curl_easy_cleanup
curl_global_init
curl_easy_reset
curl_slist_free_all
curl_formfree
curl_formadd
curl_easy_getinfo
curl_easy_escape

Exports

Exports

A0746EA1
A0746EA2
A0746EA3
A0E6108C
A0bE45C8
A24F1852
A86B40F2
AE399B5D
AF30E1CF
B30715A7
B30715A8
B30715A9
C3206E88
CA68EAC2
CC35024C
D3E5EE71
E1034A78
E2FE52CB
E43697C5
E7248970
E7248971
E7248972
E7248973
E7248974
E7248975
E7248976
E7248977
F247DB7F
F3814E8B
FB7C34E6

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poda64.exe
.exe windows:5 windows x64 arch:x64

cbb4398522ea0dc551d39ffa3f87d2a4

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d6:fa:7e:0e:4c:b0:7f:89:4a:f1:84:89:2b:2d:ce:37:65:d0:ed:ad:86:63:47:dd:b4:f9:f1:a8:54:45:4a:27
Signer

Actual PE Digest

d6:fa:7e:0e:4c:b0:7f:89:4a:f1:84:89:2b:2d:ce:37:65:d0:ed:ad:86:63:47:dd:b4:f9:f1:a8:54:45:4a:27

Digest Algorithm

sha256

PE Digest Matches

true

67:ce:7e:93:02:03:cc:4a:bb:0c:74:ba:a1:95:84:dc:57:ef:cb:22
Signer

Actual PE Digest

67:ce:7e:93:02:03:cc:4a:bb:0c:74:ba:a1:95:84:dc:57:ef:cb:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\poagent\Release\poda64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcpyA
lstrlenW
GetCurrentThread
lstrcpynA
lstrcpyW
DeleteFileW
SetProcessShutdownParameters
lstrcatW
GetLastError
GetTempPathW
CreateEventA
WaitForSingleObject
lstrcpynW
LoadLibraryExA
LoadLibraryExW
VirtualAlloc
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
SetFilePointer
OutputDebugStringW
GetFileSize
GetWindowsDirectoryW
SetFileAttributesW
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
FindNextFileW
CloseHandle
Sleep
lstrcmpA
Process32NextW
Module32FirstW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
FindClose
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
GetProcAddress
ExitProcess
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapFree
HeapAlloc
HeapSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLocaleInfoA
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEvent
GetLocalTime
CreateEventW
GetFileAttributesExW
CreateThread
lstrcmpiW
GetModuleHandleA
CreateFileA
FindFirstFileW
lstrlenA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateProcessW
GlobalSize
GlobalLock
GetProcessHeap
IsBadReadPtr
InitializeCriticalSection
OpenProcess
LoadLibraryW
CopyFileW
GetFileAttributesW
ReadFile
CreateFileW
lstrcmpW
GetFileSizeEx
GetCurrentDirectoryW
lstrcmpiA

user32

wsprintfW
GetMessageW
TranslateMessage
RegisterClassExW
IsWindow
CreateWindowExW
DispatchMessageA
MessageBoxW
UpdateWindow
DefWindowProcW

gdi32

GetStockObject

advapi32

CreateProcessAsUserW
RegEnumValueW
OpenProcessToken
RegCreateKeyExW
RegOpenKeyExW
LookupPrivilegeValueW
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
GetUserNameW
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf

shell32

SHGetDesktopFolder
SHGetSpecialFolderPathW
SHOpenFolderAndSelectItems
ord165

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
GetHGlobalFromStream
CoInitialize

wtsapi32

WTSQueryUserToken

shlwapi

SHDeleteKeyW
SHGetValueW
PathFileExistsW
StrChrW
StrStrIW
PathAddBackslashW
StrCatBuffW
wnsprintfW
SHDeleteValueW
PathIsDirectoryW
StrNCatW
PathAppendW
wnsprintfA
wvnsprintfW
PathFindFileNameW
wvnsprintfA
StrStrIA
PathRemoveExtensionW
PathFindExtensionW
SHGetValueA
PathRemoveFileSpecW
SHCreateStreamOnFileW
PathFileExistsA
StrNCatA
StrRChrW
StrChrA
SHSetValueW

version

VerQueryValueW
GetFileVersionInfoW

ws2_32

htons
bind
WSAGetLastError
socket
WSAStartup
recvfrom

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

libcurl64

curl_easy_init
curl_slist_append
curl_free
curl_easy_setopt
curl_easy_perform
curl_easy_strerror
curl_easy_cleanup
curl_global_init
curl_easy_reset
curl_slist_free_all
curl_formfree
curl_formadd
curl_easy_getinfo
curl_easy_escape

Exports

Exports

A0746EA1
A0746EA2
A0746EA3
A0E6108C
A0bE45C8
A24F1852
A86B40F2
AE399B5D
AF30E1CF
B30715A7
B30715A8
B30715A9
C3206E88
CA68EAC2
CC35024C
D3E5EE71
E1034A78
E2FE52CB
E43697C5
E7248970
E7248971
E7248972
E7248973
E7248974
E7248975
E7248976
E7248977
F247DB7F
F3814E8B
FB7C34E6

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
podumper32.dll
.dll windows:5 windows x86 arch:x86

5cfe27b2e5d59cfab06cb80771f8da85

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:1f:44:bb:56:bb:56:e8:3d:4b:9e:e5:85:a4:82:6b:2f:c2:44:5b:c2:1d:95:17:6d:79:ed:df:7d:59:b2:1b
Signer

Actual PE Digest

13:1f:44:bb:56:bb:56:e8:3d:4b:9e:e5:85:a4:82:6b:2f:c2:44:5b:c2:1d:95:17:6d:79:ed:df:7d:59:b2:1b

Digest Algorithm

sha256

PE Digest Matches

true

0b:e9:a0:68:e4:0c:f6:c5:8d:f5:e9:c0:c8:0b:c4:db:e0:9a:d9:4d
Signer

Actual PE Digest

0b:e9:a0:68:e4:0c:f6:c5:8d:f5:e9:c0:c8:0b:c4:db:e0:9a:d9:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\podumper\Release\podumper32.pdb

Imports

kernel32

GetCurrentProcessId
FileTimeToLocalFileTime
CloseHandle
GetLocalTime
GetProcAddress
lstrlenW
CreateFileW
GetModuleFileNameW
FileTimeToSystemTime
GetFileAttributesW
LoadLibraryW
GetSystemDirectoryW
OpenProcess
GetProcessTimes
GetCurrentThread
GetModuleHandleW
WaitForSingleObject
GetCurrentProcess
LoadLibraryExA
LoadLibraryExW
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
OutputDebugStringW
SetFileAttributesW
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
lstrcmpA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
HeapSize
CreateFileA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
FreeLibrary
InterlockedExchange
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile
FindFirstFileW
lstrlenA
VirtualQuery
CreateProcessW
InitializeCriticalSection
GetVersionExW
lstrcpynW
lstrcmpW
GetCurrentDirectoryW
FindClose
Process32FirstW
RemoveDirectoryW
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
Module32NextW
DeleteFileW
lstrcpyW

user32

MessageBoxW

shell32

SHCreateDirectoryExW

shlwapi

wvnsprintfW
PathFindFileNameW
PathFileExistsW
SHGetValueW
StrCmpNIW
wvnsprintfA
StrCatW
wnsprintfW
PathAppendW

Exports

Exports

InitCrashHandler
RundllFun
Test

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
podumper64.dll
.dll windows:5 windows x64 arch:x64

d11fa07a19b5e71ef12b30ec447f6056

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bc:86:5c:70:a4:e7:c9:76:5c:fa:7d:65:60:ab:54:81:06:dc:4d:39:8b:dd:b3:4f:81:a5:01:7c:96:df:a9:c0
Signer

Actual PE Digest

bc:86:5c:70:a4:e7:c9:76:5c:fa:7d:65:60:ab:54:81:06:dc:4d:39:8b:dd:b3:4f:81:a5:01:7c:96:df:a9:c0

Digest Algorithm

sha256

PE Digest Matches

true

dc:bc:c0:9c:62:cf:11:a0:49:9e:83:01:f9:2c:30:13:cf:1a:89:e6
Signer

Actual PE Digest

dc:bc:c0:9c:62:cf:11:a0:49:9e:83:01:f9:2c:30:13:cf:1a:89:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\podumper\Release\podumper64.pdb

Imports

kernel32

GetCurrentProcessId
FileTimeToLocalFileTime
CloseHandle
GetLocalTime
GetProcAddress
lstrlenW
CreateFileW
GetModuleFileNameW
FileTimeToSystemTime
GetFileAttributesW
LoadLibraryW
GetSystemDirectoryW
OpenProcess
GetProcessTimes
GetCurrentThread
GetModuleHandleW
WaitForSingleObject
GetCurrentProcess
OutputDebugStringW
SetFileAttributesW
lstrcpyW
DeleteFileW
Module32NextW
CreateToolhelp32Snapshot
FindNextFileW
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
lstrcmpA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
GetLastError
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
HeapSize
CreateFileA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
HeapReAlloc
FreeLibrary
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile
VirtualQuery
VirtualProtect
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
VirtualFree
SuspendThread
VirtualAlloc
LoadLibraryExW
LoadLibraryExA
FindFirstFileW
lstrlenA
CreateProcessW
InitializeCriticalSection
GetVersionExW
lstrcpynW
lstrcmpW
GetCurrentDirectoryW
FindClose
Process32FirstW
RemoveDirectoryW
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA

user32

MessageBoxW

shell32

SHCreateDirectoryExW

shlwapi

wvnsprintfW
PathFindFileNameW
PathFileExistsW
SHGetValueW
StrCmpNIW
wvnsprintfA
StrCatW
wnsprintfW
PathAppendW

Exports

Exports

InitCrashHandler
RundllFun
Test

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poflt32.sys
.sys windows:6 windows x86 arch:x86

38fe47ff1ab13be87731fb7741418312

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:8d:04:60:a6:dd:14:97:df:a0:46:a6:5f:38:87:85:39:ec:e6:e4
Signer

Actual PE Digest

4a:8d:04:60:a6:dd:14:97:df:a0:46:a6:5f:38:87:85:39:ec:e6:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\poflt\sys\Debug\i386\poflt32.pdb

Imports

ntoskrnl.exe

_wcsicmp
_stricmp
wcsncmp
memmove
RtlCompareUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
wcsstr
_vsnwprintf
PsSetCreateProcessNotifyRoutine
_vsnprintf
MmGetSystemRoutineAddress
RtlInitUnicodeString
ObfDereferenceObject
memcpy
PsLookupProcessByProcessId
ZwClose
ZwCreateFile
ZwReadFile
ZwQueryInformationFile
KeTickCount
KeQueryTimeIncrement
_alldiv
_allmul
KeBugCheckEx
RtlUnwind
PsGetCurrentProcessId
memset
MmIsAddressValid
IoDeleteSymbolicLink
IoDeleteDevice
RtlAssert
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
ObOpenObjectByPointer
DbgPrint

hal

KeGetCurrentIrql

fltmgr.sys

FltStartFiltering
FltUnregisterFilter
FltCreateFile
FltClose
FltGetFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltRegisterFilter

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poflt64.sys
.sys windows:6 windows x64 arch:x64

e5e37374456e5f4f3f3e614869606fbd

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:98:99:99:55:70:f3:c5:39:65:c3:c2:2b:2e:06:66:79:56:c0:e4:f7:7c:1b:91:9d:0c:c3:d9:98:9b:7f:85
Signer

Actual PE Digest

17:98:99:99:55:70:f3:c5:39:65:c3:c2:2b:2e:06:66:79:56:c0:e4:f7:7c:1b:91:9d:0c:c3:d9:98:9b:7f:85

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\poflt\sys\Debug\amd64\poflt64.pdb

Imports

ntoskrnl.exe

_stricmp
_wcsicmp
ExAllocatePoolWithTag
ExFreePoolWithTag
wcsstr
_vsnwprintf
RtlCompareUnicodeString
wcsncmp
PsSetCreateProcessNotifyRoutine
PsLookupProcessByProcessId
MmIsAddressValid
RtlInitUnicodeString
MmGetSystemRoutineAddress
ZwCreateFile
_vsnprintf
KeQueryTimeIncrement
ZwClose
ObfDereferenceObject
ZwQueryInformationFile
ObOpenObjectByPointer
KeBugCheckEx
PsGetCurrentProcessId
DbgPrint
RtlAssert
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
IoDeleteDevice
ZwReadFile
IoDeleteSymbolicLink
__C_specific_handler

fltmgr.sys

FltParseFileNameInformation
FltReleaseFileNameInformation
FltRegisterFilter
FltUnregisterFilter
FltGetFileNameInformation
FltClose
FltCreateFile
FltStartFiltering

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poflt64_win7.sys
.sys windows:6 windows x64 arch:x64

e5e37374456e5f4f3f3e614869606fbd

Code Sign

01
Certificate

Issuer

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

Not Before

01/01/1995, 08:00

Not After

31/12/1999, 23:59

Subject

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

c1:a9:2d:5a:fc:24:44:c1:fd:8e:3a:60:4e:78:bc:ac:da:f8:da:d1
Signer

Actual PE Digest

c1:a9:2d:5a:fc:24:44:c1:fd:8e:3a:60:4e:78:bc:ac:da:f8:da:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\poflt\sys\Debug\amd64\poflt64.pdb

Imports

ntoskrnl.exe

_stricmp
_wcsicmp
ExAllocatePoolWithTag
ExFreePoolWithTag
wcsstr
_vsnwprintf
RtlCompareUnicodeString
wcsncmp
PsSetCreateProcessNotifyRoutine
PsLookupProcessByProcessId
MmIsAddressValid
RtlInitUnicodeString
MmGetSystemRoutineAddress
ZwCreateFile
_vsnprintf
KeQueryTimeIncrement
ZwClose
ObfDereferenceObject
ZwQueryInformationFile
ObOpenObjectByPointer
KeBugCheckEx
PsGetCurrentProcessId
DbgPrint
RtlAssert
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
IoDeleteDevice
ZwReadFile
IoDeleteSymbolicLink
__C_specific_handler

fltmgr.sys

FltParseFileNameInformation
FltReleaseFileNameInformation
FltRegisterFilter
FltUnregisterFilter
FltGetFileNameInformation
FltClose
FltCreateFile
FltStartFiltering

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pomqc3.dll
.dll windows:5 windows x86 arch:x86

227910cfacfe1c59467a7fc01c7bdff8

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:e1:2d:af:eb:bc:98:9e:4c:f1:72:a6:43:f4:09:13:e0:67:54:e5:50:5f:41:f9:d1:c4:39:c5:3b:16:f6:5c
Signer

Actual PE Digest

11:e1:2d:af:eb:bc:98:9e:4c:f1:72:a6:43:f4:09:13:e0:67:54:e5:50:5f:41:f9:d1:c4:39:c5:3b:16:f6:5c

Digest Algorithm

sha256

PE Digest Matches

true

23:eb:9d:6a:56:38:0f:ad:b9:48:0d:b1:71:8c:5e:bc:9b:2f:08:1a
Signer

Actual PE Digest

23:eb:9d:6a:56:38:0f:ad:b9:48:0d:b1:71:8c:5e:bc:9b:2f:08:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\pomqc3\Release\pomqc3.pdb

Imports

shlwapi

wnsprintfW
wvnsprintfW
wvnsprintfA
SHGetValueA
PathFindFileNameW
StrChrA
SHGetValueW
SHSetValueW
StrCmpNIA
SHSetValueA
wnsprintfA
SHDeleteValueA
PathAppendW
StrStrIA

ws2_32

WSAGetOverlappedResult
setsockopt
WSAGetLastError
htons
WSAWaitForMultipleEvents
send
recv
connect
WSASocketW
WSACreateEvent
WSACloseEvent
closesocket
WSAIoctl
bind
inet_ntoa
inet_addr
WSAStartup
socket

iphlpapi

GetAdaptersInfo

dnsapi

DnsQuery_A
DnsFree

kernel32

VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
VirtualProtect
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ReleaseSemaphore
CreateTimerQueueTimer
GetSystemDirectoryW
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
GetProcessAffinityMask
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
InterlockedPopEntrySList
ChangeTimerQueueTimer
InterlockedPushEntrySList
lstrlenW
CreateEventW
GetWindowsDirectoryW
GetCurrentProcessId
lstrcpyA
lstrcpyW
SetLastError
GetModuleFileNameW
GetCurrentThreadId
lstrcmpA
GetModuleHandleA
CreateThread
GetProcAddress
ReadFile
WriteFile
CreateFileW
Sleep
CloseHandle
GetLastError
LoadLibraryW
GetModuleHandleW
CancelIo
HeapFree
EnterCriticalSection
InterlockedFlushSList
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
InitializeCriticalSection
lstrlenA
FindClose
WaitForSingleObject
GetVersionExW
GetACP
CreateToolhelp32Snapshot
MultiByteToWideChar
GetFileAttributesExW
SetEvent
HeapAlloc
Module32FirstW
GetLocalTime
SetFilePointerEx
GetProcessHeap
WideCharToMultiByte
lstrcmpiA
Module32NextW
GetTickCount
DisableThreadLibraryCalls
TerminateThread
DeleteCriticalSection
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
QueryPerformanceCounter
TryEnterCriticalSection
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
HeapReAlloc
ExitProcess
GetModuleFileNameA
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
HeapSize
VirtualQuery

user32

MessageBoxA

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

Exports

Exports

InitWinSock22
T
cui_test
mqAlloc
mqClose
mqCreate
mqDel
mqFree
mqGet
mqKeys
mqPublish
mqPublishEx
mqRequest
mqSet
mqSubscribe
mqSupportRequest
mqUnsubscribe
mqUnsupportRequest
mqUnwatch
mqWatch

Sections

.text
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pomqc364.dll
.dll windows:5 windows x64 arch:x64

5d5b9358878f4cb4b007dd2ecf83ea69

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:c1:0a:c7:92:c4:59:a6:4a:41:e7:59:60:2d:3d:02:da:78:eb:1e:be:27:1f:2c:ff:50:2a:36:61:2b:52:cb
Signer

Actual PE Digest

57:c1:0a:c7:92:c4:59:a6:4a:41:e7:59:60:2d:3d:02:da:78:eb:1e:be:27:1f:2c:ff:50:2a:36:61:2b:52:cb

Digest Algorithm

sha256

PE Digest Matches

true

7c:c5:28:79:eb:ca:b8:0b:75:b8:2d:36:4d:e6:d7:0d:9a:c8:91:55
Signer

Actual PE Digest

7c:c5:28:79:eb:ca:b8:0b:75:b8:2d:36:4d:e6:d7:0d:9a:c8:91:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\pomqc3\Release\pomqc364.pdb

Imports

shlwapi

wnsprintfW
wvnsprintfW
wvnsprintfA
SHGetValueA
PathFindFileNameW
StrChrA
SHGetValueW
SHSetValueW
StrCmpNIA
SHSetValueA
wnsprintfA
SHDeleteValueA
PathAppendW
StrStrIA

ws2_32

WSACreateEvent
WSAWaitForMultipleEvents
WSAGetOverlappedResult
setsockopt
WSAGetLastError
htons
WSASocketW
connect
socket
send
WSACloseEvent
closesocket
WSAIoctl
bind
inet_ntoa
inet_addr
WSAStartup
recv

iphlpapi

GetAdaptersInfo

dnsapi

DnsQuery_A
DnsFree

kernel32

VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
VirtualProtect
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ReleaseSemaphore
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
GetProcessAffinityMask
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
InterlockedPopEntrySList
ChangeTimerQueueTimer
InterlockedPushEntrySList
lstrlenW
CreateEventW
GetWindowsDirectoryW
GetCurrentProcessId
lstrcpyA
lstrcpyW
SetLastError
GetModuleFileNameW
GetCurrentThreadId
lstrcmpA
GetModuleHandleA
CreateThread
GetProcAddress
ReadFile
WriteFile
CreateFileW
Sleep
CloseHandle
GetModuleHandleExW
GetLastError
LoadLibraryW
CancelIo
HeapFree
EnterCriticalSection
InterlockedFlushSList
TerminateProcess
LeaveCriticalSection
InitializeCriticalSection
lstrlenA
FindClose
WaitForSingleObject
GetVersionExW
GetACP
CreateToolhelp32Snapshot
MultiByteToWideChar
GetFileAttributesExW
SetEvent
HeapAlloc
Module32FirstW
GetLocalTime
SetFilePointerEx
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
lstrcmpiA
Module32NextW
GetTickCount
VirtualQuery
DisableThreadLibraryCalls
TerminateThread
DeleteCriticalSection
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
QueryPerformanceCounter
TryEnterCriticalSection
QueryDepthSList
UnregisterWaitEx
RtlPcToFileHeader
RaiseException
RtlUnwindEx
ExitThread
HeapReAlloc
ExitProcess
GetModuleFileNameA
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
HeapSize
GetCurrentProcess

user32

MessageBoxA

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

Exports

Exports

InitWinSock22
T
cui_test
mqAlloc
mqClose
mqCreate
mqDel
mqFree
mqGet
mqKeys
mqPublish
mqPublishEx
mqRequest
mqSet
mqSubscribe
mqSupportRequest
mqUnsubscribe
mqUnsupportRequest
mqUnwatch
mqWatch

Sections

.text
Size: 521KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poprotect32.dll
.dll windows:5 windows x86 arch:x86

85e82dca0be3242fa52d51efd92eb02e

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:ee:b5:2d:23:c7:a3:8a:a5:bf:d8:7d:af:d5:6a:ab:d0:cb:d6:73:73:2b:fc:df:d4:06:1b:89:e4:f9:c7:ca
Signer

Actual PE Digest

86:ee:b5:2d:23:c7:a3:8a:a5:bf:d8:7d:af:d5:6a:ab:d0:cb:d6:73:73:2b:fc:df:d4:06:1b:89:e4:f9:c7:ca

Digest Algorithm

sha256

PE Digest Matches

true

59:70:6e:41:c2:ea:c5:15:2b:83:34:39:1d:86:5f:7e:45:68:9c:d4
Signer

Actual PE Digest

59:70:6e:41:c2:ea:c5:15:2b:83:34:39:1d:86:5f:7e:45:68:9c:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\poprotect\release\poprotect32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DeleteCriticalSection
CreateEventW
EnterCriticalSection
SetLastError
GetTempPathW
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
WaitForSingleObject
lstrlenW
lstrcpynW
OpenProcess
DeviceIoControl
CreateThread
GetWindowsDirectoryW
GetSystemDirectoryW
CloseHandle
CreateFileW
Sleep
SetFilePointer
lstrcpyA
lstrcpyW
LocalFree
DeleteFileW
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
lstrcatW
GetModuleHandleA
DisableThreadLibraryCalls
lstrcmpA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InterlockedExchange
InitializeCriticalSectionAndSpinCount
CreateFileA
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
SetEvent
GetLogicalDrives
LoadLibraryW
FormatMessageW
GetVersionExW
GetFileAttributesW
ReadFile
GetModuleFileNameW
GetLocalTime
Process32FirstW
ProcessIdToSessionId
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcmpiW
WriteConsoleW

user32

GetWindowRect
GetDesktopWindow
IsWindow
MoveWindow
SetTimer
GetWindowTextLengthA
SendMessageA
GetWindowTextA
InvalidateRect
GetDlgItem
EndDialog
SetWindowTextA
DialogBoxParamA
SetWindowTextW

advapi32

RegOpenKeyExW
ControlService
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
GetUserNameW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegCloseKey

shlwapi

PathFindFileNameW
PathMatchSpecW
PathFileExistsW
wnsprintfW
SHDeleteKeyW
PathAppendW
wvnsprintfW
PathIsDirectoryW
PathFindExtensionW
StrNCatW
PathRemoveFileSpecW
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
StrStrIA
StrStrIW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

shell32

ord165

ole32

CoCreateGuid

Exports

Exports

Test

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poprotect532.sys
.sys windows:6 windows x86 arch:x86

9066601dbfbaf243fce2b34e0ba80598

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:5a:ac:c6:dd:be:0a:ab:ad:5e:91:65:fb:97:34:72:d9:15:dd:df
Signer

Actual PE Digest

28:5a:ac:c6:dd:be:0a:ab:ad:5e:91:65:fb:97:34:72:d9:15:dd:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\poprotect\Debug\i386\poprotect532.pdb

Imports

ntoskrnl.exe

_allmul
memset
ExFreePoolWithTag
ZwClose
PsLookupThreadByThreadId
PsCreateSystemThread
KeInitializeMutex
KeInitializeEvent
ExAllocatePoolWithTag
DbgPrint
PsTerminateSystemThread
KeResetEvent
KeWaitForSingleObject
ZwCreateFile
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_vsnwprintf
ZwQueryInformationFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
KeReleaseMutex
ObfDereferenceObject
_alldiv
memcpy
MmGetSystemRoutineAddress
ObOpenObjectByPointer
PsLookupProcessByProcessId
RtlAssert
ZwSetValueKey
ZwCreateKey
PsSetCreateProcessNotifyRoutine
ZwDeleteKey
ZwQueryKey
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ZwDeleteValueKey
PsGetCurrentProcessId
ZwQueryObject
KeServiceDescriptorTable
ZwOpenProcess
KeTickCount
KeBugCheckEx
KeSetEvent
_allrem
RtlUnwind

hal

KeGetCurrentIrql

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poprotect632.sys
.sys windows:6 windows x86 arch:x86

320c27af019f2287474068c36cca9746

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:53:8a:ef:d7:27:a3:0b:b1:e6:97:2e:7f:a1:af:51:11:7a:cf:8e
Signer

Actual PE Digest

0e:53:8a:ef:d7:27:a3:0b:b1:e6:97:2e:7f:a1:af:51:11:7a:cf:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\poprotect\Debug\i386\poprotect632.pdb

Imports

ntoskrnl.exe

_allmul
memset
ExFreePoolWithTag
ZwClose
PsLookupThreadByThreadId
PsCreateSystemThread
KeInitializeMutex
KeInitializeEvent
ExAllocatePoolWithTag
DbgPrint
PsTerminateSystemThread
KeResetEvent
KeWaitForSingleObject
ZwCreateFile
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_vsnwprintf
ZwQueryInformationFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
KeReleaseMutex
ObfDereferenceObject
KeSetEvent
memcpy
_alldiv
MmGetSystemRoutineAddress
ObOpenObjectByPointer
PsLookupProcessByProcessId
ZwSetValueKey
ZwCreateKey
PsSetCreateProcessNotifyRoutine
ZwDeleteKey
ZwQueryKey
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
RtlAssert
IoDeleteDevice
IoDeleteSymbolicLink
PsGetCurrentProcessId
CmCallbackGetKeyObjectID
CmRegisterCallbackEx
CmUnRegisterCallback
PsThreadType
PsProcessType
PsGetProcessId
IoThreadToProcess
KeTickCount
KeBugCheckEx
_allrem

hal

KeGetCurrentIrql

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poprotect64.dll
.dll windows:5 windows x64 arch:x64

2614edbae2e520b98440fdcfd073f54a

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:59:bb:3c:ee:ee:80:d6:b2:ce:e3:a4:7b:22:1c:22:77:40:64:20:8e:92:c8:f2:50:83:85:86:95:9a:55:6d
Signer

Actual PE Digest

d9:59:bb:3c:ee:ee:80:d6:b2:ce:e3:a4:7b:22:1c:22:77:40:64:20:8e:92:c8:f2:50:83:85:86:95:9a:55:6d

Digest Algorithm

sha256

PE Digest Matches

true

23:1e:9f:75:a9:4c:2a:f5:f2:2d:97:43:3a:eb:45:93:c6:c8:c6:e0
Signer

Actual PE Digest

23:1e:9f:75:a9:4c:2a:f5:f2:2d:97:43:3a:eb:45:93:c6:c8:c6:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\poprotect\release\poprotect64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DeleteCriticalSection
CreateEventW
EnterCriticalSection
SetLastError
GetTempPathW
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
WaitForSingleObject
lstrlenW
lstrcpynW
OpenProcess
DeviceIoControl
CreateThread
GetWindowsDirectoryW
GetSystemDirectoryW
CloseHandle
CreateFileW
Sleep
SetFilePointer
lstrcpyA
lstrcpyW
LocalFree
DeleteFileW
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
lstrcatW
GetModuleHandleA
lstrcmpiW
DisableThreadLibraryCalls
lstrcmpA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
InitializeCriticalSectionAndSpinCount
CreateFileA
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
SetEvent
GetLogicalDrives
FormatMessageW
GetVersionExW
GetFileAttributesW
ReadFile
GetModuleFileNameW
GetLocalTime
Process32FirstW
ProcessIdToSessionId
QueryDosDeviceW
Module32FirstW
Process32NextW
WriteConsoleW

user32

GetWindowRect
GetDesktopWindow
IsWindow
MoveWindow
SetTimer
GetWindowTextLengthA
SendMessageA
GetWindowTextA
InvalidateRect
GetDlgItem
EndDialog
SetWindowTextA
DialogBoxParamA
SetWindowTextW

advapi32

StartServiceW
RegOpenKeyExW
ControlService
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
GetUserNameW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegCloseKey
FreeSid

shlwapi

PathFindFileNameW
PathMatchSpecW
PathFileExistsW
wnsprintfW
SHDeleteKeyW
PathAppendW
wvnsprintfW
PathIsDirectoryW
PathFindExtensionW
StrNCatW
PathRemoveFileSpecW
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
StrStrIA
StrStrIW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

shell32

ord165

ole32

CoCreateGuid

Exports

Exports

Test

Sections

.text
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poprotect664.sys
.sys windows:6 windows x64 arch:x64

ac4976b0116eee1e3b1ec55e44aaf183

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:89:2c:12:18:6b:ef:4e:c8:13:d4:8f:34:8c:8f:ed:55:28:86:8b:9f:2e:b5:cb:10:34:1e:bf:6e:f6:86:79
Signer

Actual PE Digest

6b:89:2c:12:18:6b:ef:4e:c8:13:d4:8f:34:8c:8f:ed:55:28:86:8b:9f:2e:b5:cb:10:34:1e:bf:6e:f6:86:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\poprotect\Debug\amd64\poprotect664.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
KeResetEvent
KeInitializeMutex
RtlInitUnicodeString
KeSetEvent
KeInitializeEvent
KeReleaseMutex
ZwCreateFile
PsCreateSystemThread
ExSystemTimeToLocalTime
ZwQueryValueKey
PsTerminateSystemThread
_vsnwprintf
ZwClose
KeWaitForSingleObject
RtlTimeToTimeFields
ObfDereferenceObject
ZwQueryInformationFile
ZwWriteFile
DbgPrint
PsLookupThreadByThreadId
ZwOpenKey
ZwCreateKey
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
ZwSetValueKey
ObOpenObjectByPointer
PsSetCreateProcessNotifyRoutine
ZwDeleteKey
ZwQueryKey
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
RtlAssert
CmRegisterCallbackEx
PsGetCurrentProcessId
CmCallbackGetKeyObjectID
CmUnRegisterCallback
IoThreadToProcess
PsProcessType
PsThreadType
PsGetProcessId
KeBugCheckEx

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poprotect664_win7.sys
.sys windows:6 windows x64 arch:x64

ac4976b0116eee1e3b1ec55e44aaf183

Code Sign

01
Certificate

Issuer

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

Not Before

01/01/1995, 08:00

Not After

31/12/1999, 23:59

Subject

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

c9:1a:cb:9c:7e:14:f7:48:bd:08:b1:38:01:77:dc:b5:7f:91:1f:01
Signer

Actual PE Digest

c9:1a:cb:9c:7e:14:f7:48:bd:08:b1:38:01:77:dc:b5:7f:91:1f:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\poprotect\Debug\amd64\poprotect664.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
KeResetEvent
KeInitializeMutex
RtlInitUnicodeString
KeSetEvent
KeInitializeEvent
KeReleaseMutex
ZwCreateFile
PsCreateSystemThread
ExSystemTimeToLocalTime
ZwQueryValueKey
PsTerminateSystemThread
_vsnwprintf
ZwClose
KeWaitForSingleObject
RtlTimeToTimeFields
ObfDereferenceObject
ZwQueryInformationFile
ZwWriteFile
DbgPrint
PsLookupThreadByThreadId
ZwOpenKey
ZwCreateKey
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
ZwSetValueKey
ObOpenObjectByPointer
PsSetCreateProcessNotifyRoutine
ZwDeleteKey
ZwQueryKey
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
RtlAssert
CmRegisterCallbackEx
PsGetCurrentProcessId
CmCallbackGetKeyObjectID
CmUnRegisterCallback
IoThreadToProcess
PsProcessType
PsThreadType
PsGetProcessId
KeBugCheckEx

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poscsaver.exe
.exe windows:5 windows x86 arch:x86

41e00b6fa32009ef34da6e4208049d1e

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:65:f6:ad:bd:22:98:4a:95:1a:09:33:5d:b5:8d:71:5c:80:71:10:94:40:76:28:a7:c6:f7:15:85:c4:d3:ab
Signer

Actual PE Digest

05:65:f6:ad:bd:22:98:4a:95:1a:09:33:5d:b5:8d:71:5c:80:71:10:94:40:76:28:a7:c6:f7:15:85:c4:d3:ab

Digest Algorithm

sha256

PE Digest Matches

true

72:35:11:62:1e:d5:71:66:5b:d0:0d:b2:12:dd:81:f0:83:ff:3b:4e
Signer

Actual PE Digest

72:35:11:62:1e:d5:71:66:5b:d0:0d:b2:12:dd:81:f0:83:ff:3b:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\deskmgr\Release\poscsaver.pdb

Imports

kernel32

SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsDebuggerPresent
GetFileAttributesW
CloseHandle
Module32NextW
CreateToolhelp32Snapshot
Module32FirstW
lstrlenW
GetModuleFileNameW
lstrcpynW
LocalFree
lstrcmpiW
GetCommandLineW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapFree
HeapAlloc
Sleep
HeapSize
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
OutputDebugStringW
lstrcpyW
CreateFileA
VirtualQuery
FlushFileBuffers

user32

CreateWindowExW
IsWindow
MessageBoxW
SetWindowPos
DispatchMessageW
DefWindowProcW
UpdateWindow
GetUserObjectInformationW
ShowWindow
ReleaseDC
RegisterClassExW
ShowCursor
TranslateMessage
GetDC
CloseDesktop
GetClientRect
OpenInputDesktop
KillTimer
PostMessageW
PostQuitMessage
GetMessageW
GetSystemMetrics
DestroyWindow
SetTimer
LockWorkStation

gdi32

BitBlt
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC

shell32

CommandLineToArgvW

gdiplus

GdiplusStartup
GdipCloneImage
GdipCreateFromHDC
GdipFree
GdipDeleteGraphics
GdipDrawImageRectI
GdipLoadImageFromFile
GdiplusShutdown
GdipDisposeImage
GdipAlloc

shlwapi

PathFindFileNameW
StrToIntW
wnsprintfW
wvnsprintfW
StrCatW
PathAppendW
SHGetValueW
StrChrW
StrCmpNIW

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
potdi323.sys
.sys windows:6 windows x86 arch:x86

ebb3ce730688ac60f576ca03bfbdad6e

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

35:27:5f:16:60:79:4c:9c:84:63:98:fb:04:7a:de:59:60:c3:2b:f0
Signer

Actual PE Digest

35:27:5f:16:60:79:4c:9c:84:63:98:fb:04:7a:de:59:60:c3:2b:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\powall\driver\Debug\i386\potdi323.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
DbgPrint
wcsncmp
memcpy
memmove
strstr
_vsnprintf
_wcsicmp
strncmp
MmGetSystemRoutineAddress
RtlInitUnicodeString
ObfDereferenceObject
ObOpenObjectByPointer
PsLookupProcessByProcessId
RtlAssert
KeTickCount
KeQueryTimeIncrement
ExAllocatePoolWithTag
_allmul
PsGetCurrentProcessId
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeBugCheckEx
RtlGetVersion
memset
_alldiv
PsSetCreateProcessNotifyRoutine

hal

KeGetCurrentIrql

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powall32.dll
.dll windows:5 windows x86 arch:x86

a9509763262a9f201daa40ddaf940049

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:a7:35:c9:a7:47:c2:69:92:b7:bf:08:92:f6:94:ac:ee:60:d5:c5:5e:73:6d:54:28:c3:40:05:ff:20:21:2d
Signer

Actual PE Digest

cd:a7:35:c9:a7:47:c2:69:92:b7:bf:08:92:f6:94:ac:ee:60:d5:c5:5e:73:6d:54:28:c3:40:05:ff:20:21:2d

Digest Algorithm

sha256

PE Digest Matches

true

1f:1e:94:9f:a8:fd:b1:72:41:c5:e1:21:31:57:c9:09:15:6a:be:ab
Signer

Actual PE Digest

1f:1e:94:9f:a8:fd:b1:72:41:c5:e1:21:31:57:c9:09:15:6a:be:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\powall\Release\powall32.pdb

Imports

kernel32

LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
lstrcpyW
GetProcAddress
lstrcmpW
GetFileAttributesW
CopyFileW
LoadLibraryW
GetModuleHandleW
lstrcpynA
ExpandEnvironmentStringsW
lstrcmpiW
CreateThread
DeleteFileW
DisableThreadLibraryCalls
Sleep
lstrcmpA
CloseHandle
DeviceIoControl
SetFilePointer
OutputDebugStringW
GetWindowsDirectoryW
lstrcpyA
Module32NextW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
GetModuleHandleA
Process32NextW
Module32FirstW
GetLastError
CreateFileW
lstrcpynW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
GetLogicalDrives
InitializeCriticalSection
OpenProcess
GetVersionExW
ReadFile
GetModuleFileNameW
lstrlenW
GetFileSizeEx
GetCurrentDirectoryW
lstrcmpiA
FindClose
Process32FirstW
QueryDosDeviceW
WriteConsoleW

user32

GetWindowRect
GetWindowTextW
GetDesktopWindow
IsWindow
InvalidateRect
GetWindowTextA
MoveWindow
GetDlgItem
EndDialog
SetWindowTextA
SendMessageW
DialogBoxParamA
LoadIconW
SendMessageA
GetWindowTextLengthA
PostMessageW
SetTimer

iphlpapi

GetExtendedUdpTable
GetExtendedTcpTable
GetAdaptersInfo

ws2_32

htons
ntohl
inet_ntoa
htonl
inet_addr

shlwapi

wvnsprintfA
wnsprintfA
StrChrA
StrCatW
StrCmpNW
StrCmpNIW
SHGetValueW
StrChrW
SHSetValueW
StrStrIA
StrStrW
StrStrIW
StrStrA
PathFileExistsW
PathAppendW
PathMatchSpecW
wnsprintfW
wvnsprintfW
PathIsDirectoryW
PathFindExtensionW
StrNCatW
PathFindFileNameW

psapi

GetProcessImageFileNameW

dnsapi

DnsFree
DnsQuery_A

advapi32

ControlService
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus

Exports

Exports

Test

Sections

.text
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powall64.dll
.dll windows:5 windows x64 arch:x64

d49f52b8151b1b4f1d22ac570f89c9d8

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:ff:34:45:bb:78:ce:39:f0:b2:42:04:61:8a:5f:42:cf:1f:38:74:24:d1:69:e4:06:c2:53:6d:2e:3c:af:0c
Signer

Actual PE Digest

1b:ff:34:45:bb:78:ce:39:f0:b2:42:04:61:8a:5f:42:cf:1f:38:74:24:d1:69:e4:06:c2:53:6d:2e:3c:af:0c

Digest Algorithm

sha256

PE Digest Matches

true

9a:7f:7e:ee:d8:c0:b8:e1:7a:69:c8:4a:f4:40:0d:ac:aa:3b:6c:2f
Signer

Actual PE Digest

9a:7f:7e:ee:d8:c0:b8:e1:7a:69:c8:4a:f4:40:0d:ac:aa:3b:6c:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\powall\Release\powall64.pdb

Imports

kernel32

LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
lstrcpyW
GetProcAddress
lstrcmpW
GetFileAttributesW
CopyFileW
LoadLibraryW
GetModuleHandleW
lstrcpynA
ExpandEnvironmentStringsW
lstrcmpiW
CreateThread
DeleteFileW
DisableThreadLibraryCalls
Sleep
lstrcmpA
CloseHandle
DeviceIoControl
SetFilePointer
OutputDebugStringW
GetWindowsDirectoryW
lstrcpyA
Module32NextW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
GetModuleHandleA
Process32NextW
Module32FirstW
QueryDosDeviceW
GetLastError
CreateFileW
lstrcpynW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
GetLogicalDrives
InitializeCriticalSection
OpenProcess
GetVersionExW
ReadFile
GetModuleFileNameW
lstrlenW
GetFileSizeEx
GetCurrentDirectoryW
lstrcmpiA
FindClose
Process32FirstW
WriteConsoleW

user32

GetWindowRect
GetWindowTextW
GetDesktopWindow
IsWindow
InvalidateRect
MoveWindow
GetDlgItem
EndDialog
SetWindowTextA
SendMessageW
DialogBoxParamA
GetWindowTextA
LoadIconW
SendMessageA
GetWindowTextLengthA
PostMessageW
SetTimer

iphlpapi

GetExtendedUdpTable
GetExtendedTcpTable
GetAdaptersInfo

ws2_32

ntohl
inet_ntoa
htons
htonl
inet_addr

shlwapi

wvnsprintfA
wnsprintfA
StrChrA
SHSetValueW
StrCmpNW
StrCmpNIW
SHGetValueW
StrChrW
PathFindFileNameW
StrStrIA
StrStrW
StrStrIW
StrStrA
PathFileExistsW
PathAppendW
PathMatchSpecW
wnsprintfW
wvnsprintfW
PathIsDirectoryW
PathFindExtensionW
StrNCatW
StrCatW

psapi

GetProcessImageFileNameW

dnsapi

DnsFree
DnsQuery_A

advapi32

ControlService
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus

Exports

Exports

Test

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powfp323.sys
.sys windows:6 windows x86 arch:x86

1345329aa1db494e9486bfdd1a63b1b5

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

83:a5:31:d1:9e:33:e1:da:23:9f:23:8f:f8:ff:4a:66:ce:e6:11:7d
Signer

Actual PE Digest

83:a5:31:d1:9e:33:e1:da:23:9f:23:8f:f8:ff:4a:66:ce:e6:11:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\powall\driver\Debug\i386\powfp323.pdb

Imports

ntoskrnl.exe

ObOpenObjectByPointer
PsLookupProcessByProcessId
KeTickCount
KeQueryTimeIncrement
_alldiv
_allmul
ObfDereferenceObject
KeDelayExecutionThread
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
RtlAssert
IoDeleteDevice
IoDeleteSymbolicLink
MmIsAddressValid
KeBugCheckEx
RtlUnwind
RtlInitUnicodeString
MmGetSystemRoutineAddress
strncmp
_wcsicmp
_vsnprintf
strstr
memmove
memcpy
wcsncmp
DbgPrint
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlGetVersion
memset
_aulldiv
PsSetCreateProcessNotifyRoutine

hal

KeGetCurrentIrql

fwpkclnt.sys

FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmFilterDeleteById0
FwpmTransactionBegin0
FwpsCalloutRegister0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsCalloutUnregisterById0
FwpmEngineOpen0
FwpsFreeCloneNetBufferList0
FwpmEngineClose0
FwpsAllocateCloneNetBufferList0

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powfp643.sys
.sys windows:6 windows x64 arch:x64

5b09ea1afbd4d79691ffcaafaf67f5ad

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/01/2024, 20:09

Not After

10/01/2025, 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:81:ea:08:4a:99:b4:d8:3f:2b:c4:af:b4:4b:f1:17:b7:8c:93:34:fc:2b:fb:55:10:8f:1b:c2:b8:b3:44:ea
Signer

Actual PE Digest

a3:81:ea:08:4a:99:b4:d8:3f:2b:c4:af:b4:4b:f1:17:b7:8c:93:34:fc:2b:fb:55:10:8f:1b:c2:b8:b3:44:ea

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\powall\driver\Debug\amd64\powfp643.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
KeQueryTimeIncrement
ObfDereferenceObject
ObOpenObjectByPointer
PsLookupProcessByProcessId
IoDeleteSymbolicLink
IoDeleteDevice
KeDelayExecutionThread
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
RtlAssert
MmIsAddressValid
KeBugCheckEx
strncmp
DbgPrint
wcsncmp
_vsnprintf
RtlGetVersion
strstr
ExFreePoolWithTag
ExAllocatePoolWithTag
_wcsicmp
PsSetCreateProcessNotifyRoutine
__C_specific_handler

fwpkclnt.sys

FwpsAllocateCloneNetBufferList0
FwpsCalloutUnregisterById0
FwpmTransactionCommit0
FwpmCalloutAdd0
FwpsCalloutRegister0
FwpmTransactionAbort0
FwpmEngineOpen0
FwpmFilterAdd0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmFilterDeleteById0
FwpsFreeCloneNetBufferList0

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powfp643_win7.sys
.sys windows:6 windows x64 arch:x64

5b09ea1afbd4d79691ffcaafaf67f5ad

Code Sign

01
Certificate

Issuer

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

Not Before

01/01/1995, 08:00

Not After

31/12/1999, 23:59

Subject

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

ba:86:93:3e:26:54:db:86:de:db:17:a8:a0:7e:aa:f0:80:09:19:9c
Signer

Actual PE Digest

ba:86:93:3e:26:54:db:86:de:db:17:a8:a0:7e:aa:f0:80:09:19:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\powall\driver\Debug\amd64\powfp643.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
KeQueryTimeIncrement
ObfDereferenceObject
ObOpenObjectByPointer
PsLookupProcessByProcessId
IoDeleteSymbolicLink
IoDeleteDevice
KeDelayExecutionThread
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
RtlAssert
MmIsAddressValid
KeBugCheckEx
strncmp
DbgPrint
wcsncmp
_vsnprintf
RtlGetVersion
strstr
ExFreePoolWithTag
ExAllocatePoolWithTag
_wcsicmp
PsSetCreateProcessNotifyRoutine
__C_specific_handler

fwpkclnt.sys

FwpsAllocateCloneNetBufferList0
FwpsCalloutUnregisterById0
FwpmTransactionCommit0
FwpmCalloutAdd0
FwpsCalloutRegister0
FwpmTransactionAbort0
FwpmEngineOpen0
FwpmFilterAdd0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmFilterDeleteById0
FwpsFreeCloneNetBufferList0

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powol32.dll
.dll windows:5 windows x86 arch:x86

4aa0a9489d282d805adcb196167b2c4a

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:64:e2:53:bd:d0:4b:91:4d:5c:5d:15:fc:13:d8:85:51:53:71:8b:61:89:c8:fa:93:ee:5d:16:4e:01:e0:51
Signer

Actual PE Digest

0f:64:e2:53:bd:d0:4b:91:4d:5c:5d:15:fc:13:d8:85:51:53:71:8b:61:89:c8:fa:93:ee:5d:16:4e:01:e0:51

Digest Algorithm

sha256

PE Digest Matches

true

eb:30:a7:31:f3:f2:48:a6:f9:19:24:5c:68:9a:c1:d6:00:1c:f6:c1
Signer

Actual PE Digest

eb:30:a7:31:f3:f2:48:a6:f9:19:24:5c:68:9a:c1:d6:00:1c:f6:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\powol\Release\powol32.pdb

Imports

kernel32

CloseHandle
GetLocalTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
Sleep
DisableThreadLibraryCalls
lstrcmpA
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
lstrcpyW
CreateThread
lstrcpyA
lstrlenA
VirtualQuery
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
lstrcpynW
TerminateProcess
ReadFile
CreateFileW
GetACP
MultiByteToWideChar
lstrlenW
GetLastError
SetLastError
EnterCriticalSection
LoadLibraryA
Module32FirstW
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
GetCurrentProcessId
CreateFileA
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetLocaleInfoA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode

shlwapi

wnsprintfW
PathAppendW
wvnsprintfW
PathFindFileNameW
wnsprintfA
SHGetValueW
StrChrA
wvnsprintfA

ws2_32

setsockopt
htons
WSAGetLastError
socket
closesocket
sendto

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powol64.dll
.dll windows:5 windows x64 arch:x64

865bbc8edf938592bae75ab9bfaafee0

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:a5:1c:a9:68:e2:f1:80:e0:b2:7c:d3:a3:01:fd:5c:6c:cf:37:ff:d0:a3:85:72:70:91:d3:cd:4e:69:90:4c
Signer

Actual PE Digest

27:a5:1c:a9:68:e2:f1:80:e0:b2:7c:d3:a3:01:fd:5c:6c:cf:37:ff:d0:a3:85:72:70:91:d3:cd:4e:69:90:4c

Digest Algorithm

sha256

PE Digest Matches

true

b0:f2:44:d3:81:16:e5:1d:ab:30:40:3b:af:fc:9b:bd:db:b4:14:26
Signer

Actual PE Digest

b0:f2:44:d3:81:16:e5:1d:ab:30:40:3b:af:fc:9b:bd:db:b4:14:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\powol\Release\powol64.pdb

Imports

kernel32

CloseHandle
GetLocalTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
Sleep
DisableThreadLibraryCalls
lstrcmpA
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
lstrcpyW
CreateThread
lstrcpyA
lstrlenA
VirtualQuery
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
lstrcpynW
TerminateProcess
ReadFile
CreateFileW
GetACP
MultiByteToWideChar
lstrlenW
GetLastError
SetLastError
EnterCriticalSection
LoadLibraryA
Module32FirstW
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
GetCurrentProcessId
CreateFileA
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode

shlwapi

wnsprintfW
PathAppendW
wvnsprintfW
SHGetValueW
StrChrA
wvnsprintfA
wnsprintfA
PathFindFileNameW

ws2_32

closesocket
sendto
setsockopt
htons
WSAGetLastError
socket

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
prntmgr32.dll
.dll windows:5 windows x86 arch:x86

7bec2c76667e618be07080675f25c22c

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:65:48:39:38:3f:d6:75:d9:ae:4b:54:8a:a8:7e:93:0c:ca:41:03:68:76:4a:5d:6a:51:12:53:63:ae:a0:2c
Signer

Actual PE Digest

b0:65:48:39:38:3f:d6:75:d9:ae:4b:54:8a:a8:7e:93:0c:ca:41:03:68:76:4a:5d:6a:51:12:53:63:ae:a0:2c

Digest Algorithm

sha256

PE Digest Matches

true

02:c9:4a:a3:48:55:9f:44:1b:86:81:5b:34:1c:40:b0:19:f8:4a:7d
Signer

Actual PE Digest

02:c9:4a:a3:48:55:9f:44:1b:86:81:5b:34:1c:40:b0:19:f8:4a:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\prntmgr\Release\prntmgr32.pdb

Imports

kernel32

GetLocalTime
GetComputerNameW
Sleep
CreateThread
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpA
CloseHandle
lstrcatW
lstrcmpiW
EnterCriticalSection
lstrcmpiA
SetLastError
GetCurrentDirectoryW
GetLastError
GetTempPathW
lstrlenW
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThread
GetTickCount
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryExA
LoadLibraryExW
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
SetFilePointer
GetWindowsDirectoryW
lstrcpyA
lstrcpyW
LocalFree
DeleteFileW
OutputDebugStringW
lstrlenA
Module32NextW
GetFileAttributesExW
CreateToolhelp32Snapshot
GetModuleHandleA
Process32NextW
Module32FirstW
ProcessIdToSessionId
Process32FirstW
CreateFileW
ReadFile
GetFileAttributesW
OpenProcess
CreateProcessW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
VirtualQuery
lstrcpynA
WriteConsoleW

user32

GetDC
GetMessageW
PostQuitMessage
LoadCursorW
CallNextHookEx
TranslateMessage
RegisterClassExW
LoadIconW
IsWindow
CreateWindowExW
DispatchMessageA
SetWindowsHookExW
UpdateWindow
DefWindowProcW

gdi32

GetObjectA
GetStockObject
GetDeviceCaps

winspool.drv

EnumPrintersW

advapi32

SetEntriesInAclW
FreeSid
RegOpenKeyExW
OpenProcessToken
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueW
SetFileSecurityW
AllocateAndInitializeSid
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey

shlwapi

StrCatW
wvnsprintfA
wnsprintfA
StrChrA
SHSetValueW
PathFindExtensionW
PathFindFileNameW
StrStrIW
PathFileExistsW
PathAppendW
wnsprintfW
wvnsprintfW
PathIsDirectoryW
SHGetValueA
PathRemoveFileSpecW
StrChrW
SHGetValueW

ws2_32

socket
sendto
WSAStartup

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdiplus

GdipCloneBrush
GdipDeleteGraphics
GdipCreateTexture
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateFromHDC
GdipFillRectangleI
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipCreateSolidFill
GdipDrawImageI
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipFillEllipseI
GdipScaleWorldTransform
GdipSetInterpolationMode
GdipCreateFontFromLogfontA
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetStringFormatAlign
GdipSetSmoothingMode
GdipSetPageUnit
GdipTranslateTextureTransform
GdipDeleteFontFamily
GdipCreateFont
GdipRotateWorldTransform
GdipResetWorldTransform
GdipGetGenericFontFamilySansSerif
GdipDrawImagePointRect
GdipDrawString
GdipTranslateWorldTransform
GdipCreateFontFamilyFromName
GdipCreateLineBrushI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipDrawImageRectI
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdiplusStartup

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CoCreateGuid

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
prntmgr64.dll
.dll windows:5 windows x64 arch:x64

0a18b2a067b19b3cf743ef82cc332014

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:d4:8d:37:3f:1f:55:ab:a5:a7:18:da:82:63:ff:93:2b:f0:2f:37:c5:5d:49:96:97:51:d8:54:a5:3d:09:dd
Signer

Actual PE Digest

4b:d4:8d:37:3f:1f:55:ab:a5:a7:18:da:82:63:ff:93:2b:f0:2f:37:c5:5d:49:96:97:51:d8:54:a5:3d:09:dd

Digest Algorithm

sha256

PE Digest Matches

true

38:4e:fb:6b:0a:9c:ef:78:b9:a5:95:db:2c:b4:49:ac:d3:00:e3:d5
Signer

Actual PE Digest

38:4e:fb:6b:0a:9c:ef:78:b9:a5:95:db:2c:b4:49:ac:d3:00:e3:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\prntmgr\Release\prntmgr64.pdb

Imports

kernel32

GetLocalTime
GetComputerNameW
Sleep
CreateThread
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpA
CloseHandle
lstrcatW
lstrcmpiW
EnterCriticalSection
lstrcmpiA
SetLastError
GetCurrentDirectoryW
GetLastError
GetTempPathW
lstrlenW
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThread
GetTickCount
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryExA
LoadLibraryExW
VirtualAlloc
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
SetFilePointer
GetWindowsDirectoryW
lstrcpyA
lstrcpyW
LocalFree
OutputDebugStringW
lstrlenA
DeleteFileW
Module32NextW
GetFileAttributesExW
CreateToolhelp32Snapshot
GetModuleHandleA
Process32NextW
Module32FirstW
ProcessIdToSessionId
Process32FirstW
CreateFileW
ReadFile
GetFileAttributesW
OpenProcess
CreateProcessW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
VirtualQuery
lstrcpynA
WriteConsoleW

user32

GetDC
GetMessageW
PostQuitMessage
LoadCursorW
CallNextHookEx
TranslateMessage
RegisterClassExW
LoadIconW
IsWindow
CreateWindowExW
DispatchMessageA
SetWindowsHookExW
UpdateWindow
DefWindowProcW

gdi32

GetObjectA
GetStockObject
GetDeviceCaps

winspool.drv

EnumPrintersW

advapi32

SetEntriesInAclW
FreeSid
RegOpenKeyExW
OpenProcessToken
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueW
SetFileSecurityW
AllocateAndInitializeSid
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey

shlwapi

StrCatW
wvnsprintfA
wnsprintfA
StrChrA
SHSetValueW
PathFindExtensionW
PathFindFileNameW
StrStrIW
PathFileExistsW
PathAppendW
wnsprintfW
wvnsprintfW
PathIsDirectoryW
SHGetValueA
PathRemoveFileSpecW
StrChrW
SHGetValueW

ws2_32

socket
sendto
WSAStartup

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdiplus

GdipCloneBrush
GdipDeleteGraphics
GdipCreateTexture
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateFromHDC
GdipFillRectangleI
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipCreateSolidFill
GdipDrawImageI
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipFillEllipseI
GdipScaleWorldTransform
GdipSetInterpolationMode
GdipCreateFontFromLogfontA
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetStringFormatAlign
GdipSetSmoothingMode
GdipSetPageUnit
GdipTranslateTextureTransform
GdipDeleteFontFamily
GdipCreateFont
GdipRotateWorldTransform
GdipResetWorldTransform
GdipGetGenericFontFamilySansSerif
GdipDrawImagePointRect
GdipDrawString
GdipTranslateWorldTransform
GdipCreateFontFamilyFromName
GdipCreateLineBrushI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipDrawImageRectI
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdiplusStartup

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CoCreateGuid

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
procmgr32.dll
.dll windows:5 windows x86 arch:x86

1276c70a2f1ba42288379f286af7f635

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:c4:51:46:a2:df:1a:93:75:bf:35:3a:f4:24:99:53:16:95:d7:47:4d:66:5b:0d:94:2d:af:21:33:ed:91:9b
Signer

Actual PE Digest

2f:c4:51:46:a2:df:1a:93:75:bf:35:3a:f4:24:99:53:16:95:d7:47:4d:66:5b:0d:94:2d:af:21:33:ed:91:9b

Digest Algorithm

sha256

PE Digest Matches

true

f8:30:9a:fc:07:84:44:72:27:ed:da:b5:bb:09:32:3a:4d:fd:3c:37
Signer

Actual PE Digest

f8:30:9a:fc:07:84:44:72:27:ed:da:b5:bb:09:32:3a:4d:fd:3c:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\procmgr\Release\procmgr32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
lstrlenA
lstrlenW
GetTickCount
CreateThread
CreateEventW
SetEvent
TerminateProcess
FileTimeToLocalFileTime
GetWindowsDirectoryW
GetLocalTime
FileTimeToSystemTime
OpenProcess
GetProcessTimes
SystemTimeToFileTime
DisableThreadLibraryCalls
lstrcmpA
LocalFree
CloseHandle
lstrcmpiW
SetLastError
GetFileSizeEx
GetTempPathW
CreateFileW
ReadFile
Sleep
OutputDebugStringW
WaitForSingleObject
lstrcpyW
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetFileAttributesW
SetFilePointer
lstrcpyA
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
lstrcatW
GetModuleHandleA
Process32NextW
Module32FirstW
QueryDosDeviceW
ProcessIdToSessionId
Process32FirstW
GetModuleFileNameW
lstrcpynW
GetVersionExW
LeaveCriticalSection
CopyFileW
InitializeCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetLogicalDrives
WriteConsoleW

user32

SendMessageTimeoutW
EnumWindows
GetWindowRect
GetForegroundWindow
EnumChildWindows
IsWindow
GetWindowThreadProcessId

advapi32

RegCreateKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegEnumKeyExW
RevertToSelf
GetUserNameW

shell32

CommandLineToArgvW
ord165

msi

ord159
ord92
ord74
ord32
ord118
ord8
ord232
ord160

wtsapi32

WTSQueryUserToken

shlwapi

StrStrW
PathIsDirectoryW
SHSetValueW
SHGetValueW
PathMatchSpecW
SHDeleteKeyW
PathAppendW
wnsprintfW
PathFindFileNameW
StrCatW
wnsprintfA
StrChrA
StrCmpNIW
PathRemoveFileSpecW
wvnsprintfW
wvnsprintfA
StrNCatW
StrStrIW
PathFileExistsW

sqlcipher32

sqlite3_exec
sqlite3_close
sqlite3_open

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

ole32

CoSetProxyBlanket
CoCreateGuid
CoCreateInstance
CoInitializeEx

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
procmgr64.dll
.dll windows:5 windows x64 arch:x64

fe7baa44a552fa736335b61ada3928eb

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:df:12:81:14:ed:71:85:23:41:e6:84:d8:c3:93:ef:b1:ca:05:2d:40:b0:94:f7:dc:fd:60:8f:19:7d:43:ca
Signer

Actual PE Digest

97:df:12:81:14:ed:71:85:23:41:e6:84:d8:c3:93:ef:b1:ca:05:2d:40:b0:94:f7:dc:fd:60:8f:19:7d:43:ca

Digest Algorithm

sha256

PE Digest Matches

true

7d:8b:8c:3c:06:13:34:0d:88:38:fc:2e:1c:b2:b5:ce:58:3c:7e:32
Signer

Actual PE Digest

7d:8b:8c:3c:06:13:34:0d:88:38:fc:2e:1c:b2:b5:ce:58:3c:7e:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\procmgr\Release\procmgr64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
lstrlenA
lstrlenW
GetTickCount
CreateThread
CreateEventW
SetEvent
TerminateProcess
FileTimeToLocalFileTime
GetWindowsDirectoryW
GetLocalTime
FileTimeToSystemTime
OpenProcess
GetProcessTimes
SystemTimeToFileTime
DisableThreadLibraryCalls
lstrcmpA
LocalFree
CloseHandle
lstrcmpiW
SetLastError
GetFileSizeEx
GetTempPathW
CreateFileW
ReadFile
Sleep
OutputDebugStringW
WaitForSingleObject
lstrcpyW
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetFileAttributesW
SetFilePointer
lstrcpyA
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
lstrcatW
GetModuleHandleA
Process32NextW
Module32FirstW
QueryDosDeviceW
ProcessIdToSessionId
Process32FirstW
GetModuleFileNameW
lstrcpynW
GetVersionExW
LeaveCriticalSection
CopyFileW
InitializeCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetLogicalDrives
WriteConsoleW

user32

SendMessageTimeoutW
EnumWindows
GetWindowRect
GetForegroundWindow
EnumChildWindows
IsWindow
GetWindowThreadProcessId

advapi32

RegCreateKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegOpenKeyExW
OpenProcessToken
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegEnumKeyExW
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey

shell32

CommandLineToArgvW
ord165

msi

ord159
ord92
ord8
ord74
ord32
ord118
ord232
ord160

wtsapi32

WTSQueryUserToken

shlwapi

PathIsDirectoryW
SHSetValueW
SHGetValueW
PathMatchSpecW
StrStrW
SHDeleteKeyW
PathAppendW
wnsprintfW
PathFindFileNameW
StrCatW
wnsprintfA
StrChrA
StrCmpNIW
PathRemoveFileSpecW
StrNCatW
wvnsprintfW
wvnsprintfA
StrStrIW
PathFileExistsW

sqlcipher64

sqlite3_exec
sqlite3_close
sqlite3_open

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

ole32

CoCreateGuid
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
protocolfilters.dll
.dll windows:6 windows x86 arch:x86

5d803c2873f2962fc2918f6bc0878e1e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:ad:61:64:34:64:26:b6:0e:9c:27:1b:7b:d9:06:f7:cb:e6:b5:4c:0d:9c:ff:76:58:c1:d2:6e:9d:28:bf:7d
Signer

Actual PE Digest

a5:ad:61:64:34:64:26:b6:0e:9c:27:1b:7b:d9:06:f7:cb:e6:b5:4c:0d:9c:ff:76:58:c1:d2:6e:9d:28:bf:7d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\protocolfilters\build\release_demo\win32\protocolfilters.pdb

Imports

kernel32

ProcessIdToSessionId
FreeLibrary
GetVersion
LoadLibraryA
CreateEventA
CreateMutexA
SetEvent
GetLastError
GetFileAttributesW
DeleteFileW
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetTempFileNameW
CreateProcessW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetShortPathNameW
FindNextFileW
FindFirstFileW
FindClose
GetProcAddress
ExpandEnvironmentStringsW
GetFileAttributesExW
LoadLibraryW
OutputDebugStringW
CreateFileW
WriteConsoleW
GetTimeZoneInformation
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetStdHandle
GetCurrentProcessId
GetModuleFileNameW
GetConsoleCP
WriteFile
GetFileType
GetStdHandle
SetFilePointerEx
SetFilePointer
ReadConsoleW
GetConsoleMode
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetSystemTimeAsFileTime
MoveFileExW
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
SetEndOfFile
GetTempPathA
ReadFile
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
RaiseException
GetStringTypeW
MultiByteToWideChar
DecodePointer
EncodePointer
InterlockedExchange
Sleep
WideCharToMultiByte
SetEnvironmentVariableA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
LookupAccountSidA
LookupAccountSidW
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyExW

crypt32

CertCloseStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CertOpenSystemStoreA
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFindCertificateInStore
CertAddCertificateContextToStore
CertOpenStore
PFXExportCertStoreEx

libssl-3

SSL_CTX_set_security_level
SSL_CTX_enable_ct
SSL_set_accept_state
SSL_set_connect_state
TLS_client_method
TLS_server_method
SSL_free
SSL_new
SSL_CTX_get_default_passwd_cb_userdata
SSL_CTX_get_default_passwd_cb
SSL_CTX_use_certificate
SSL_CTX_use_PrivateKey
SSL_set_bio
SSL_CTX_new
SSL_CTX_set_options
SSL_get0_peer_scts
SSL_get_session
SSL_client_version
SSL_version
SSL_get_shutdown
SSL_shutdown
SSL_renegotiate_pending
SSL_renegotiate
SSL_do_handshake
SSL_get_ciphers
SSL_get_error
SSL_CTX_callback_ctrl
SSL_CTX_ctrl
SSL_ctrl
SSL_write
SSL_read
SSL_connect
SSL_accept
SSL_get_peer_cert_chain
SSL_get1_peer_certificate
SSL_set_session
SSL_set_verify
SSL_set_cipher_list
SSL_CIPHER_get_name
SSL_CTX_set_cipher_list
SSL_is_init_finished
SSL_get_servername
SSL_get0_alpn_selected
SSL_CTX_set_alpn_select_cb
SSL_set_alpn_protos
SSL_select_next_proto
SSL_CTX_set_client_cert_cb
OPENSSL_init_ssl
SSL_get1_session
SSL_SESSION_free
SSL_CTX_free
SSL_CTX_up_ref

libcrypto-3

X509_STORE_free
X509_STORE_CTX_new
X509_STORE_CTX_free
X509_STORE_CTX_init
X509_STORE_add_cert
X509_STORE_load_locations
X509_STORE_CTX_get_error
X509_verify_cert_error_string
X509_sign
X509_digest
X509_cmp_time
X509_gmtime_adj
X509_EXTENSION_free
X509_new
EVP_sha256
X509_get_signature_nid
X509_NAME_oneline
X509_set_version
X509_set_serialNumber
X509_get_serialNumber
X509_set_issuer_name
X509_get_issuer_name
X509_set_subject_name
X509_get_subject_name
X509_getm_notBefore
X509_set1_notBefore
X509_getm_notAfter
X509_set1_notAfter
X509_set_pubkey
X509_NAME_get_index_by_NID
X509_NAME_get_entry
X509_NAME_delete_entry
X509_NAME_add_entry_by_txt
X509_NAME_ENTRY_get_data
X509_get_ext_by_NID
X509_get_ext
X509_delete_ext
X509_add_ext
X509_get_ext_d2i
X509_find_by_subject
PEM_write_bio_X509_AUX
X509V3_EXT_conf_nid
X509_STORE_new
AES_set_encrypt_key
AES_set_decrypt_key
AES_cbc_encrypt
OCSP_cert_to_id
OCSP_response_status
OCSP_response_get1_basic
OCSP_resp_get0_certs
OCSP_resp_find_status
OCSP_check_validity
OCSP_basic_add1_cert
OCSP_BASICRESP_free
OCSP_basic_verify
OPENSSL_sk_pop_free
BIO_write
OBJ_obj2nid
EVP_PKEY_get_id
EVP_PKEY_get_bits
EVP_PKEY_CTX_new
EVP_PKEY_CTX_free
EVP_PKEY_param_check
PKCS7_free
X509_NAME_get_text_by_NID
PKCS8_PRIV_KEY_INFO_free
EVP_PKCS82PKEY
ERR_get_error
ERR_error_string
PKCS12_SAFEBAG_get_nid
PKCS12_SAFEBAG_get_bag_nid
PKCS12_SAFEBAG_get1_cert
PKCS12_SAFEBAG_get0_safes
PKCS12_SAFEBAG_get0_p8inf
PKCS12_decrypt_skey
PKCS12_unpack_p7data
PKCS12_unpack_p7encdata
PKCS12_unpack_authsafes
PKCS12_free
PKCS12_SAFEBAG_free
d2i_PKCS12_bio
BIO_f_buffer
PEM_read_bio_X509
PEM_read_bio_PrivateKey
X509_verify_cert
EVP_PKEY_Q_keygen
i2d_PrivateKey
d2i_AutoPrivateKey
EVP_PKEY_free
EVP_PKEY_dup
X509V3_set_ctx
EVP_get_digestbyname
EVP_sha1
OBJ_nid2sn
ASN1_STRING_to_UTF8
BN_to_ASN1_INTEGER
i2a_ASN1_INTEGER
BN_free
BN_new
BN_pseudo_rand
BIO_free_all
BIO_new_file
CRYPTO_free
CRYPTO_malloc
OPENSSL_sk_push
OPENSSL_sk_free
OPENSSL_sk_new_null
OPENSSL_sk_value
OPENSSL_sk_num
PEM_write_bio_X509
d2i_X509
X509_free
BIO_s_mem
BIO_ctrl
BIO_read
BIO_free
BIO_new
i2d_X509

ws2_32

WSAStartup
htons
ntohs
ntohl
htonl
WSAAddressToStringA
WSACleanup

Exports

Exports

?PFObject_create@ProtocolFilters@@YAPAVPFObject@1@HH@Z
?pf_addFilter@ProtocolFilters@@YAH_KW4_PF_FilterType@1@KW4_PF_OpTarget@1@1@Z
?pf_canDisableFiltering@ProtocolFilters@@YAH_K@Z
?pf_deleteExceptions@ProtocolFilters@@YAXW4_eEXCEPTION_CLASS@1@@Z
?pf_deleteFilter@ProtocolFilters@@YAH_KW4_PF_FilterType@1@@Z
?pf_free@ProtocolFilters@@YAXXZ
?pf_getFilterCount@ProtocolFilters@@YAH_K@Z
?pf_getNFEventHandler@ProtocolFilters@@YAPAVNF_EventHandler@nfapi@@XZ
?pf_getProcessOwnerA@ProtocolFilters@@YAHKPADH@Z
?pf_getProcessOwnerW@ProtocolFilters@@YAHKPA_WH@Z
?pf_getRootSSLCertFileName@ProtocolFilters@@YAHPA_WH@Z
?pf_importCompleted@ProtocolFilters@@YAHXZ
?pf_init@ProtocolFilters@@YAHPAVPFEvents@1@PB_W@Z
?pf_isFilterActive@ProtocolFilters@@YAH_KW4_PF_FilterType@1@@Z
?pf_loadCAStore@ProtocolFilters@@YAHPBD@Z
?pf_postObject@ProtocolFilters@@YAH_KPAVPFObject@1@@Z
?pf_setExceptionsTimeout@ProtocolFilters@@YAXW4_eEXCEPTION_CLASS@1@_K@Z
?pf_setRootSSLCertImportFlags@ProtocolFilters@@YAXK@Z
?pf_setRootSSLCertSubject@ProtocolFilters@@YAXPBD@Z
?pf_setRootSSLCertSubjectEx@ProtocolFilters@@YAXPBD0H0H@Z
?pf_startLog@ProtocolFilters@@YAHPBD@Z
?pf_stopLog@ProtocolFilters@@YAXXZ
?pf_unzipStream@ProtocolFilters@@YAHPAVPFStream@1@@Z
?pf_waitForImportCompletion@ProtocolFilters@@YAXXZ

Sections

.text
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rptcache32.dll
.dll windows:5 windows x86 arch:x86

bbcfa51e5487a88c6a876787b75fdb50

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:5e:40:6c:90:b8:37:f0:65:74:e8:4a:74:b0:29:0c:84:9d:73:a6:b3:af:f3:c7:6b:6d:ab:c1:75:ad:98:41
Signer

Actual PE Digest

ee:5e:40:6c:90:b8:37:f0:65:74:e8:4a:74:b0:29:0c:84:9d:73:a6:b3:af:f3:c7:6b:6d:ab:c1:75:ad:98:41

Digest Algorithm

sha256

PE Digest Matches

true

de:af:28:09:68:6a:4b:d1:0d:50:36:b5:d7:f1:b0:52:5a:2c:ef:7d
Signer

Actual PE Digest

de:af:28:09:68:6a:4b:d1:0d:50:36:b5:d7:f1:b0:52:5a:2c:ef:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\rptcache\Release\rptcache32.pdb

Imports

kernel32

GetLastError
CopyFileW
DeleteFileW
CloseHandle
GetLocalTime
EnterCriticalSection
lstrcmpW
LeaveCriticalSection
Sleep
InitializeCriticalSection
WaitForSingleObject
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetLocaleInfoA
GetLocaleInfoW
lstrlenA
DisableThreadLibraryCalls
lstrcmpA
CreateFileA
FindFirstFileW
VirtualQuery
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
SetEvent
GetModuleHandleW
GetTickCount
WriteFile
WideCharToMultiByte
lstrcpynW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
MultiByteToWideChar
lstrlenW
GetCurrentDirectoryW
SetLastError
GetProcAddress
FindClose
LoadLibraryA
CreateEventW
RemoveDirectoryW
Module32FirstW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
FileTimeToLocalFileTime
GetCurrentProcessId
LocalFree
lstrcpyW
SetFileAttributesW
lstrcpyA
GetCurrentThreadId
CreateThread
GetWindowsDirectoryW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
FreeSid
RegEnumValueW
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
RegCreateKeyExW

shlwapi

wnsprintfW
SHDeleteValueW
PathFileExistsW
SHDeleteKeyW
StrStrIW
PathFindFileNameW
PathAppendW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatBuffW
SHGetValueA
PathIsDirectoryW
wvnsprintfW

ws2_32

WSAGetLastError
recvfrom
WSAStartup
bind
socket

shell32

SHGetSpecialFolderLocation
ord165
SHGetPathFromIDListW

ole32

CoCreateGuid
CoTaskMemFree

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rptcache64.dll
.dll windows:5 windows x64 arch:x64

2c3df3d94827569b7474b4b747d0e3cc

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:2e:4e:14:be:26:0b:1f:de:5b:70:9c:cc:4a:4e:b7:4f:17:8b:49:90:04:87:53:14:56:1a:a9:f4:bc:3d:76
Signer

Actual PE Digest

f0:2e:4e:14:be:26:0b:1f:de:5b:70:9c:cc:4a:4e:b7:4f:17:8b:49:90:04:87:53:14:56:1a:a9:f4:bc:3d:76

Digest Algorithm

sha256

PE Digest Matches

true

05:7a:f0:07:6b:df:a2:6c:04:4b:62:7e:6e:50:bf:db:33:0a:14:e7
Signer

Actual PE Digest

05:7a:f0:07:6b:df:a2:6c:04:4b:62:7e:6e:50:bf:db:33:0a:14:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\rptcache\Release\rptcache64.pdb

Imports

kernel32

GetLastError
CopyFileW
DeleteFileW
CloseHandle
GetLocalTime
EnterCriticalSection
lstrcmpW
LeaveCriticalSection
Sleep
InitializeCriticalSection
WaitForSingleObject
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
LCMapStringW
lstrlenA
DisableThreadLibraryCalls
lstrcmpA
CreateFileA
FindFirstFileW
VirtualQuery
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
SetEvent
GetModuleHandleW
GetTickCount
WriteFile
WideCharToMultiByte
lstrcpynW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
MultiByteToWideChar
lstrlenW
GetCurrentDirectoryW
SetLastError
GetProcAddress
FindClose
LoadLibraryA
CreateEventW
RemoveDirectoryW
Module32FirstW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
FileTimeToLocalFileTime
GetCurrentProcessId
LocalFree
lstrcpyW
SetFileAttributesW
lstrcpyA
GetCurrentThreadId
CreateThread
GetWindowsDirectoryW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
FreeSid
RegEnumValueW
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
RegCreateKeyExW

shlwapi

wnsprintfW
SHDeleteValueW
PathFileExistsW
SHDeleteKeyW
StrStrIW
PathFindFileNameW
PathAppendW
wvnsprintfW
PathIsDirectoryW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatBuffW
SHGetValueA

ws2_32

recvfrom
WSAStartup
WSAGetLastError
bind
socket

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CoTaskMemFree

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rtfile32.dll
.dll windows:5 windows x86 arch:x86

e1c77070a91b1064d146d43b4cae9d30

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:e8:5a:2a:68:1a:57:57:17:89:fe:9a:ba:4c:7f:79:e5:73:e8:ff:67:fc:87:aa:ca:11:72:af:19:61:9b:99
Signer

Actual PE Digest

6d:e8:5a:2a:68:1a:57:57:17:89:fe:9a:ba:4c:7f:79:e5:73:e8:ff:67:fc:87:aa:ca:11:72:af:19:61:9b:99

Digest Algorithm

sha256

PE Digest Matches

true

56:79:2e:96:b7:5c:fb:fb:28:68:fc:eb:16:cc:16:69:14:81:65:74
Signer

Actual PE Digest

56:79:2e:96:b7:5c:fb:fb:28:68:fc:eb:16:cc:16:69:14:81:65:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\rtfile\Release\rtfile32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateThread
GetVolumeInformationW
FileTimeToLocalFileTime
GetWindowsDirectoryW
CloseHandle
GetCurrentThreadId
GetFileAttributesExW
GetModuleHandleA
lstrcmpiW
CreateEventW
LoadLibraryA
ResetEvent
EnterCriticalSection
GetProcAddress
FileTimeToSystemTime
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
GetLogicalDrives
SetEvent
WaitForSingleObject
GetDriveTypeW
DisableThreadLibraryCalls
lstrcmpA
DeleteFileW
GetFileSize
SetFilePointer
MoveFileExW
SetFileAttributesW
LocalFree
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
GetLastError
GetFileAttributesW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetModuleFileNameW
lstrlenW
lstrcpyW
lstrcpyA
GetTempFileNameW
CreateFileA
FindFirstFileW
VirtualQuery
lstrcpynA
SetEndOfFile
GetDriveTypeA
OpenProcess
LoadLibraryW
FormatMessageW
ReadFile
CreateFileW
lstrcmpW
GetTempPathW
GetCurrentDirectoryW
FindClose
GetLocalTime
Process32FirstW
ProcessIdToSessionId
RemoveDirectoryW
DeviceIoControl
Module32FirstW
Process32NextW
WriteConsoleW

advapi32

RegEnumValueW
RegCloseKey
RegSetValueExW
GetUserNameW
OpenProcessToken
RegCreateKeyExW
CreateProcessAsUserW
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ord165

shlwapi

PathRemoveBackslashW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
StrStrIW
StrChrW
SHGetValueW
PathAppendW
SHSetValueW
StrChrA
wvnsprintfA
wvnsprintfW
wnsprintfA
wnsprintfW
SHGetValueA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ole32

CoCreateGuid
CoInitialize
CoCreateInstance

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rtfile64.dll
.dll windows:5 windows x64 arch:x64

7ff223a86d240b5bdf7a9dbfbacb7990

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:a0:7b:b8:0d:3f:e7:76:53:dd:11:43:5a:3c:35:63:16:86:c2:32:81:2b:10:27:a6:d9:44:9b:2d:ac:ed:68
Signer

Actual PE Digest

26:a0:7b:b8:0d:3f:e7:76:53:dd:11:43:5a:3c:35:63:16:86:c2:32:81:2b:10:27:a6:d9:44:9b:2d:ac:ed:68

Digest Algorithm

sha256

PE Digest Matches

true

05:d0:00:9d:62:63:bc:37:2c:6d:4a:81:24:5e:c8:7f:02:0f:f5:07
Signer

Actual PE Digest

05:d0:00:9d:62:63:bc:37:2c:6d:4a:81:24:5e:c8:7f:02:0f:f5:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\rtfile\Release\rtfile64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateThread
GetVolumeInformationW
FileTimeToLocalFileTime
GetWindowsDirectoryW
CloseHandle
GetCurrentThreadId
GetFileAttributesExW
GetModuleHandleA
lstrcmpiW
CreateEventW
LoadLibraryA
ResetEvent
EnterCriticalSection
GetProcAddress
FileTimeToSystemTime
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
GetLogicalDrives
SetEvent
WaitForSingleObject
GetDriveTypeW
DisableThreadLibraryCalls
lstrcmpA
DeleteFileW
GetFileSize
SetFilePointer
MoveFileExW
SetFileAttributesW
LocalFree
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
GetLastError
GetFileAttributesW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
HeapSize
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetModuleFileNameW
lstrlenW
lstrcpyW
lstrcpyA
GetTempFileNameW
CreateFileA
FindFirstFileW
VirtualQuery
lstrcpynA
SetEndOfFile
GetDriveTypeA
OpenProcess
LoadLibraryW
FormatMessageW
ReadFile
CreateFileW
lstrcmpW
GetTempPathW
GetCurrentDirectoryW
FindClose
GetLocalTime
Process32FirstW
ProcessIdToSessionId
RemoveDirectoryW
DeviceIoControl
Module32FirstW
Process32NextW
WriteConsoleW

advapi32

RegCloseKey
RegSetValueExW
GetUserNameW
OpenProcessToken
RegCreateKeyExW
CreateProcessAsUserW
ImpersonateLoggedOnUser
RevertToSelf
RegEnumValueW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ord165

shlwapi

PathFindExtensionW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathRemoveBackslashW
PathRemoveFileSpecW
StrStrIW
StrChrW
SHGetValueW
PathAppendW
SHSetValueW
StrChrA
SHGetValueA
wnsprintfW
wvnsprintfA
wvnsprintfW
wnsprintfA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ole32

CoCreateGuid
CoCreateInstance
CoInitialize

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rtinfo32.dll
.dll windows:5 windows x86 arch:x86

75720ed06b7a1e81f62cea9ca556a8e0

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:93:10:92:03:32:1e:6a:9e:bf:e4:aa:6d:32:12:54:08:34:6f:e8:16:9a:97:8d:1c:9c:99:1b:6e:4b:52:10
Signer

Actual PE Digest

dc:93:10:92:03:32:1e:6a:9e:bf:e4:aa:6d:32:12:54:08:34:6f:e8:16:9a:97:8d:1c:9c:99:1b:6e:4b:52:10

Digest Algorithm

sha256

PE Digest Matches

true

90:d9:4a:6c:29:cd:6d:5e:dc:65:d5:f3:6b:06:ce:2e:f4:d0:2f:5f
Signer

Actual PE Digest

90:d9:4a:6c:29:cd:6d:5e:dc:65:d5:f3:6b:06:ce:2e:f4:d0:2f:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\rtinfo\Release\rtinfo32.pdb

Imports

kernel32

GetSystemTimes
LoadLibraryW
GetTickCount
GetVolumeInformationW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
GetLongPathNameW
GetLogicalDrives
GetDriveTypeW
LocalFree
GetModuleHandleA
GetProcAddress
lstrlenW
GetModuleFileNameW
GetSystemDirectoryW
lstrcmpW
GetFileAttributesW
lstrcpynW
lstrcmpiW
GetVersionExW
lstrlenA
CreateThread
CreateIoCompletionPort
WaitForMultipleObjects
GetSystemInfo
CreateEventW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
DeleteFileW
CloseHandle
lstrcatW
OpenEventA
DisableThreadLibraryCalls
GlobalMemoryStatusEx
OpenProcess
GetModuleHandleW
GetProcessTimes
SetLastError
GetLastError
GetTempPathW
SetComputerNameExW
CreateFileW
ReadFile
Sleep
OutputDebugStringW
SetEvent
WaitForSingleObject
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrcpyA
SetFileAttributesW
lstrcpyW
GetCurrentProcessId
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
LoadLibraryA
GetLocalTime
FindClose
GetCurrentProcess
SetFilePointer
GetCurrentDirectoryW
GetFileSizeEx
MultiByteToWideChar
GetACP
TerminateProcess
FormatMessageW
CopyFileW
lstrcmpA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
DeleteCriticalSection
GetTempFileNameW
CreateFileA
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
lstrcpynA
SetEndOfFile
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
WriteFile
GetDriveTypeA
WideCharToMultiByte

user32

BlockInput
ExitWindowsEx
DestroyIcon
GetIconInfo

gdi32

DeleteObject
GetObjectW

advapi32

AllocateAndInitializeSid
RegCloseKey
RegEnumKeyExW
ControlService
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
RegCreateKeyExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetTokenInformation
SetSecurityDescriptorDacl
StartServiceW
DuplicateTokenEx
QueryServiceStatus
SetFileSecurityW
RegSetValueExW
SetEntriesInAclW
RegEnumValueW
FreeSid
QueryServiceConfigW
EnumServicesStatusW
QueryServiceConfig2W
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidW
LookupAccountNameW
AdjustTokenPrivileges

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFileInfoW
ord727

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString
VariantChangeType
SysFreeString

iphlpapi

GetExtendedUdpTable
GetAdaptersInfo
GetExtendedTcpTable

ws2_32

ioctlsocket
WSAStartup
inet_addr
WSASocketW
htons
WSARecvFrom
setsockopt
bind
closesocket
inet_ntoa
ntohs

shlwapi

SHGetValueW
PathIsDirectoryW
SHDeleteValueW
PathFileExistsW
PathAppendW
PathFindExtensionW
SHDeleteKeyA
StrCatW
wvnsprintfA
StrCmpNIA
wnsprintfA
StrChrA
SHSetValueW
StrCmpNIW
wnsprintfW
StrChrW
PathAddBackslashW
PathRemoveFileSpecW
StrStrW
SHGetValueA
wvnsprintfW
StrStrIW
PathFindFileNameW

gdiplus

GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipSaveImageToFile
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipFree

netapi32

NetShareDel
NetShareEnum
NetUserEnum
NetApiBufferFree
NetUserGetInfo
NetLocalGroupAddMembers
NetUserDel
NetUserSetInfo
NetUserAdd

setupapi

SetupDiGetDeviceInfoListDetailW
SetupDiSetClassInstallParamsW
SetupDiDestroyClassImageList
SetupDiClassNameFromGuidExW
SetupDiGetClassImageList
SetupDiBuildClassInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiLoadClassIcon
SetupDiCallClassInstaller
SetupDiGetClassImageIndex
SetupDiGetClassDevsExW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionExW
SetupDiOpenDeviceInfoW
SetupDiClassGuidsFromNameExW
SetupDiGetDeviceInstallParamsW
CM_Get_DevNode_Status_Ex

comctl32

ImageList_GetIcon

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory
WTSQueryUserToken

version

VerQueryValueW
GetFileVersionInfoW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

Exports

Exports

GetDeviceInUserSession
TestAutoRun
TestDevice
TestTask

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rtinfo64.dll
.dll windows:5 windows x64 arch:x64

43c5b6863354393f0ce9687eee52f127

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:bc:78:eb:66:40:dc:53:1b:10:89:a2:fe:16:cb:21:df:b3:73:36:a2:e6:f4:5b:0e:29:06:2c:48:18:d8:63
Signer

Actual PE Digest

88:bc:78:eb:66:40:dc:53:1b:10:89:a2:fe:16:cb:21:df:b3:73:36:a2:e6:f4:5b:0e:29:06:2c:48:18:d8:63

Digest Algorithm

sha256

PE Digest Matches

true

4f:73:df:c0:2b:ba:88:8f:ed:0d:10:0b:71:cd:4d:2c:14:18:1d:5b
Signer

Actual PE Digest

4f:73:df:c0:2b:ba:88:8f:ed:0d:10:0b:71:cd:4d:2c:14:18:1d:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\rtinfo\Release\rtinfo64.pdb

Imports

kernel32

GetSystemTimes
LoadLibraryW
GetTickCount
GetVolumeInformationW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
GetLongPathNameW
GetLogicalDrives
GetDriveTypeW
LocalFree
GetModuleHandleA
GetProcAddress
lstrlenW
GetModuleFileNameW
GetSystemDirectoryW
lstrcmpW
GetFileAttributesW
lstrcpynW
lstrcmpiW
GetVersionExW
lstrlenA
CreateThread
CreateIoCompletionPort
WaitForMultipleObjects
GetSystemInfo
CreateEventW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
DeleteFileW
CloseHandle
lstrcatW
OpenEventA
DisableThreadLibraryCalls
GlobalMemoryStatusEx
OpenProcess
GetModuleHandleW
GetProcessTimes
SetLastError
GetLastError
GetTempPathW
SetComputerNameExW
CreateFileW
ReadFile
Sleep
OutputDebugStringW
SetEvent
WaitForSingleObject
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
HeapDestroy
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetCommandLineA
FlsSetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrcpyA
SetFileAttributesW
lstrcpyW
GetCurrentProcessId
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
GetCurrentProcess
SetFilePointer
Process32FirstW
LoadLibraryA
GetLocalTime
FindClose
GetCurrentDirectoryW
GetFileSizeEx
MultiByteToWideChar
GetACP
lstrcmpA
DeleteCriticalSection
GetTempFileNameW
CreateFileA
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
lstrcpynA
SetEndOfFile
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
WriteFile
GetDriveTypeA
WideCharToMultiByte
CopyFileW
FormatMessageW
TerminateProcess

user32

BlockInput
ExitWindowsEx
DestroyIcon
GetIconInfo

gdi32

DeleteObject
GetObjectW

advapi32

AllocateAndInitializeSid
RegCloseKey
RegEnumKeyExW
ControlService
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
RegCreateKeyExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetTokenInformation
SetSecurityDescriptorDacl
StartServiceW
DuplicateTokenEx
QueryServiceStatus
SetFileSecurityW
RegSetValueExW
SetEntriesInAclW
RegEnumValueW
FreeSid
QueryServiceConfigW
EnumServicesStatusW
QueryServiceConfig2W
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidW
LookupAccountNameW
AdjustTokenPrivileges

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFileInfoW
ord727

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
VariantChangeType
SysFreeString

iphlpapi

GetExtendedUdpTable
GetAdaptersInfo
GetExtendedTcpTable

ws2_32

inet_ntoa
WSAStartup
inet_addr
WSASocketW
htons
WSARecvFrom
setsockopt
bind
closesocket
ioctlsocket
ntohs

shlwapi

PathIsDirectoryW
SHDeleteValueW
PathFileExistsW
PathAppendW
PathFindExtensionW
SHDeleteKeyA
PathFindFileNameW
StrCatW
wvnsprintfA
StrCmpNIA
wnsprintfA
StrChrA
SHSetValueW
StrCmpNIW
wnsprintfW
SHGetValueW
StrChrW
PathAddBackslashW
PathRemoveFileSpecW
StrStrW
SHGetValueA
wvnsprintfW
StrStrIW

gdiplus

GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipSaveImageToFile
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipFree

netapi32

NetUserSetInfo
NetShareDel
NetShareEnum
NetUserEnum
NetApiBufferFree
NetUserGetInfo
NetLocalGroupAddMembers
NetUserDel
NetUserAdd

setupapi

SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiSetClassInstallParamsW
SetupDiDestroyClassImageList
SetupDiClassNameFromGuidExW
SetupDiGetClassImageList
SetupDiBuildClassInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiLoadClassIcon
SetupDiCallClassInstaller
SetupDiGetClassImageIndex
SetupDiGetClassDevsExW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionExW
SetupDiClassGuidsFromNameExW
SetupDiGetDeviceInstallParamsW
CM_Get_DevNode_Status_Ex

comctl32

ImageList_GetIcon

wtsapi32

WTSQueryUserToken
WTSEnumerateProcessesW
WTSFreeMemory
WTSEnumerateSessionsW

version

GetFileVersionInfoW
VerQueryValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

Exports

Exports

GetDeviceInUserSession
TestAutoRun
TestDevice
TestTask

Sections

.text
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
screenhooks32.dll
.dll windows:5 windows x86 arch:x86

223c37c9528ff509e08c201bd4e12683

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

89:ba:f6:81:fb:98:e1:96:e5:34:ec:a8:89:79:db:6b:b3:d0:28:32:9a:04:88:49:57:5e:43:c3:c6:33:72:b7
Signer

Actual PE Digest

89:ba:f6:81:fb:98:e1:96:e5:34:ec:a8:89:79:db:6b:b3:d0:28:32:9a:04:88:49:57:5e:43:c3:c6:33:72:b7

Digest Algorithm

sha256

PE Digest Matches

true

84:ff:95:b0:3f:11:15:9b:59:6e:22:f0:0f:1a:51:0c:54:fb:bb:bd
Signer

Actual PE Digest

84:ff:95:b0:3f:11:15:9b:59:6e:22:f0:0f:1a:51:0c:54:fb:bb:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\tightvnc\Release\screenhooks32.pdb

Imports

user32

ClientToScreen
GetWindowRect
PostMessageW
CallNextHookEx
GetClientRect
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
RegisterWindowMessageW

kernel32

FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
GetStringTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar

Exports

Exports

setHook
unsetHook

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scrnrcd32.dll
.dll windows:5 windows x86 arch:x86

3d8d34124a49e089644b861ba94edbeb

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ab:19:a4:0e:71:da:72:d6:23:a3:60:d5:d1:0c:88:c7:2c:ae:b3:71:3f:c1:16:54:15:7e:9d:58:15:1b:e4:dc
Signer

Actual PE Digest

ab:19:a4:0e:71:da:72:d6:23:a3:60:d5:d1:0c:88:c7:2c:ae:b3:71:3f:c1:16:54:15:7e:9d:58:15:1b:e4:dc

Digest Algorithm

sha256

PE Digest Matches

true

87:f5:91:66:85:99:b7:7c:74:89:eb:2c:72:8e:f0:cf:23:12:07:16
Signer

Actual PE Digest

87:f5:91:66:85:99:b7:7c:74:89:eb:2c:72:8e:f0:cf:23:12:07:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\scrnrcd\Release\scrnrcd32.pdb

Imports

kernel32

GetDiskFreeSpaceExW
RemoveDirectoryW
CreateThread
GetLastError
CloseHandle
MoveFileW
CreateFileW
ReadFile
lstrlenA
lstrcpyW
DeleteFileW
lstrcatW
lstrcmpiW
GetLocalTime
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
ExitProcess
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
GetModuleFileNameA
GetStdHandle
InterlockedDecrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
RaiseException
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
InterlockedIncrement
SetFilePointer
GetFileSize
OutputDebugStringW
GetWindowsDirectoryW
GetCurrentThreadId
lstrcpyA
GetTickCount
DisableThreadLibraryCalls
lstrcmpA
GetTempFileNameW
CreateFileA
FindFirstFileW
VirtualQuery
lstrcpynA
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
GetLogicalDrives
GetModuleHandleW
WriteFile
OpenProcess
WideCharToMultiByte
GetExitCodeProcess
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
GetACP
lstrcmpW
MultiByteToWideChar
lstrlenW
GetTempPathW
GetCurrentDirectoryW
SetLastError
GetProcAddress
FindClose
LoadLibraryA
Process32FirstW
CreateEventW
QueryDosDeviceW
Module32FirstW
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
GetCurrentProcessId
SetFileAttributesW

user32

EnumDisplaySettingsW
GetSystemMetrics
EnumDisplayMonitors
DrawIconEx
LoadCursorW
GetForegroundWindow
SetRect
GetCursorPos
GetLastInputInfo
GetMonitorInfoW
GetWindowThreadProcessId
GetUserObjectInformationW
ReleaseDC
GetDC
CloseDesktop
EnumDisplaySettingsExW
OpenInputDesktop
GetWindowDC
MessageBoxW
SetThreadDesktop

gdi32

BitBlt
DeleteDC
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
GetObjectW
GetStockObject

shell32

ord165
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateGuid
CoUninitialize

avifil32

AVIFileInit
AVIStreamRelease
AVIFileOpenW
AVIMakeCompressedStream
AVIFileCreateStreamW
AVIStreamSetFormat
AVIStreamWrite
AVIFileRelease

winmm

mmioStringToFOURCCW

gdiplus

GdipDisposeImage
GdipDeleteBrush
GdipCreateFromHDC
GdipFree
GdipFillPath
GdipSetInterpolationMode
GdipCloneImage
GdipCreateFont
GdipCreatePen1
GdipSetPenLineJoin
GdiplusStartup
GdipDeletePen
GdipStringFormatGetGenericDefault
GdipMeasureString
GdipDrawPath
GdipDeleteFont
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipGetImageEncodersSize
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDeletePath
GdipSaveImageToFile
GdipAddPathString
GdipCreatePath

shlwapi

wnsprintfW
PathAppendW
PathFindExtensionW
PathFindFileNameW
SHDeleteValueW
PathFileExistsW
PathIsDirectoryW
wvnsprintfW
SHGetValueA
StrCatW
wvnsprintfA
wnsprintfA
StrChrA
SHSetValueW
StrCmpNIW
SHGetValueW
StrChrW
StrStrIW
PathRemoveFileSpecW
StrStrW

psapi

GetProcessImageFileNameW

advapi32

GetUserNameW

Exports

Exports

Test

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scrnrcd64.dll
.dll windows:5 windows x64 arch:x64

e397a1c614e2fd75176b1bcace7c8f15

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:e9:3a:45:24:28:36:d6:92:35:00:ab:71:bf:c8:5e:4c:e4:07:8f:50:f6:a2:54:bb:f8:1c:40:96:ad:71:a5
Signer

Actual PE Digest

c1:e9:3a:45:24:28:36:d6:92:35:00:ab:71:bf:c8:5e:4c:e4:07:8f:50:f6:a2:54:bb:f8:1c:40:96:ad:71:a5

Digest Algorithm

sha256

PE Digest Matches

true

5a:db:95:f1:d0:ca:84:43:13:1a:31:1d:81:53:a4:06:47:fc:72:b6
Signer

Actual PE Digest

5a:db:95:f1:d0:ca:84:43:13:1a:31:1d:81:53:a4:06:47:fc:72:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\scrnrcd\Release\scrnrcd64.pdb

Imports

kernel32

GetDiskFreeSpaceExW
RemoveDirectoryW
CreateThread
GetLastError
CloseHandle
MoveFileW
CreateFileW
ReadFile
lstrlenA
lstrcpyW
DeleteFileW
lstrcatW
lstrcmpiW
GetLocalTime
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
ExitProcess
HeapDestroy
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetCommandLineA
FlsSetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointer
GetFileSize
OutputDebugStringW
GetWindowsDirectoryW
GetTickCount
DisableThreadLibraryCalls
lstrcmpA
GetTempFileNameW
CreateFileA
FindFirstFileW
VirtualQuery
lstrcpynA
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
GetLogicalDrives
GetModuleHandleW
WriteFile
OpenProcess
WideCharToMultiByte
GetExitCodeProcess
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
GetACP
lstrcmpW
MultiByteToWideChar
lstrlenW
GetTempPathW
GetCurrentDirectoryW
SetLastError
GetProcAddress
FindClose
LoadLibraryA
Process32FirstW
CreateEventW
QueryDosDeviceW
Module32FirstW
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
GetCurrentProcessId
SetFileAttributesW
lstrcpyA
GetCurrentThreadId

user32

GetWindowThreadProcessId
ReleaseDC
GetUserObjectInformationW
EnumDisplaySettingsW
GetSystemMetrics
EnumDisplayMonitors
DrawIconEx
LoadCursorW
GetForegroundWindow
SetRect
GetCursorPos
GetLastInputInfo
GetDC
CloseDesktop
EnumDisplaySettingsExW
OpenInputDesktop
GetWindowDC
MessageBoxW
GetMonitorInfoW
SetThreadDesktop

gdi32

BitBlt
DeleteDC
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
GetObjectW
GetStockObject

shell32

ord165
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateGuid
CoUninitialize

avifil32

AVIFileInit
AVIStreamRelease
AVIFileOpenW
AVIMakeCompressedStream
AVIFileCreateStreamW
AVIStreamSetFormat
AVIStreamWrite
AVIFileRelease

winmm

mmioStringToFOURCCW

gdiplus

GdipFree
GdipDeletePen
GdipFillPath
GdipSetInterpolationMode
GdipCloneImage
GdipCreatePath
GdipCreatePen1
GdipSetPenLineJoin
GdiplusStartup
GdipStringFormatGetGenericDefault
GdipMeasureString
GdipDrawPath
GdipDeleteFont
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDeletePath
GdipAddPathString
GdipCreateFont
GdipDeleteBrush
GdipDisposeImage

shlwapi

wnsprintfW
PathAppendW
PathFindExtensionW
PathFindFileNameW
SHDeleteValueW
PathFileExistsW
PathIsDirectoryW
wvnsprintfW
SHGetValueA
StrCatW
wvnsprintfA
wnsprintfA
StrStrW
SHSetValueW
StrCmpNIW
SHGetValueW
StrChrA
StrChrW
StrStrIW
PathRemoveFileSpecW

psapi

GetProcessImageFileNameW

advapi32

GetUserNameW

Exports

Exports

Test

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sensinfo32.dll
.dll windows:5 windows x86 arch:x86

e45a7062d34cc769e1c67fe2c0e8315f

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:ec:4f:1c:3f:a7:b3:14:df:4c:4c:f7:ba:46:32:6a:9e:44:53:b9:7a:58:4d:ec:e5:16:79:bc:28:7d:39:d2
Signer

Actual PE Digest

78:ec:4f:1c:3f:a7:b3:14:df:4c:4c:f7:ba:46:32:6a:9e:44:53:b9:7a:58:4d:ec:e5:16:79:bc:28:7d:39:d2

Digest Algorithm

sha256

PE Digest Matches

true

20:b7:6b:bf:fa:63:29:64:7a:c8:f9:8b:03:43:e9:0f:3d:a3:e4:b2
Signer

Actual PE Digest

20:b7:6b:bf:fa:63:29:64:7a:c8:f9:8b:03:43:e9:0f:3d:a3:e4:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\sensinfo\Release\sensinfo32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CloseHandle
EnterCriticalSection
SetLastError
GetLastError
GetTempPathW
lstrlenW
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
SetFilePointer
GetWindowsDirectoryW
lstrcpyA
DisableThreadLibraryCalls
lstrcmpA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
SetEvent
OpenProcess
lstrcpynW
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
GetLocalTime
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
CreateToolhelp32Snapshot
OpenEventW
Module32NextW
DeleteFileW
LocalFree
lstrcpyW
WriteConsoleW

user32

EnumWindows
SendMessageTimeoutW
GetWindowThreadProcessId

shlwapi

PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW
StrChrW
SHGetValueW
wvnsprintfW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathFileExistsW
StrStrIW
wnsprintfW
PathAppendW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

SetFileSecurityW
OpenProcessToken
CreateProcessAsUserW
InitializeSecurityDescriptor
GetUserNameW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl

shell32

ord165

ole32

CoCreateGuid

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sensinfo64.dll
.dll windows:5 windows x64 arch:x64

1915340feee753373e0a2231bc46452c

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:74:42:48:c8:d2:b3:b9:ec:01:00:3f:ed:31:c3:0c:c3:51:ce:e6:ad:35:29:09:56:ac:78:d2:44:24:c5:0e
Signer

Actual PE Digest

ce:74:42:48:c8:d2:b3:b9:ec:01:00:3f:ed:31:c3:0c:c3:51:ce:e6:ad:35:29:09:56:ac:78:d2:44:24:c5:0e

Digest Algorithm

sha256

PE Digest Matches

true

93:cd:8c:4f:7c:3f:3b:69:04:db:d3:72:2e:dd:52:46:50:b8:bc:ef
Signer

Actual PE Digest

93:cd:8c:4f:7c:3f:3b:69:04:db:d3:72:2e:dd:52:46:50:b8:bc:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\sensinfo\Release\sensinfo64.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CloseHandle
EnterCriticalSection
SetLastError
GetLastError
GetTempPathW
lstrlenW
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
SetFilePointer
GetWindowsDirectoryW
lstrcpyA
lstrcpyW
DisableThreadLibraryCalls
lstrcmpA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
Sleep
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
SetEvent
OpenProcess
lstrcpynW
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
GetLocalTime
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
CreateToolhelp32Snapshot
OpenEventW
Module32NextW
DeleteFileW
LocalFree
WriteConsoleW

user32

EnumWindows
SendMessageTimeoutW
GetWindowThreadProcessId

shlwapi

PathIsDirectoryW
wvnsprintfW
PathFindFileNameW
PathRemoveFileSpecW
StrChrW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathFileExistsW
wnsprintfW
StrStrIW
PathAppendW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
CreateProcessAsUserW
InitializeSecurityDescriptor
GetUserNameW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW

shell32

ord165

ole32

CoCreateGuid

Sections

.text
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setuphlpr.dll
.dll windows:5 windows x86 arch:x86

0010c0b64ff91be699a70e82ca44c6c6

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:8d:9d:e5:cb:99:f1:46:4f:8b:0a:ff:3c:73:f7:7d:c2:56:53:4d:a2:b7:a0:6d:1d:c0:64:16:fe:30:db:7d
Signer

Actual PE Digest

58:8d:9d:e5:cb:99:f1:46:4f:8b:0a:ff:3c:73:f7:7d:c2:56:53:4d:a2:b7:a0:6d:1d:c0:64:16:fe:30:db:7d

Digest Algorithm

sha256

PE Digest Matches

true

65:72:fc:ba:59:68:dd:76:a2:2d:fe:d4:e0:8e:f5:79:0b:4d:f9:8d
Signer

Actual PE Digest

65:72:fc:ba:59:68:dd:76:a2:2d:fe:d4:e0:8e:f5:79:0b:4d:f9:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\deploy\client\setuphlpr\Release\setuphlpr.pdb

Imports

kernel32

LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateEventW
DeleteFileW
DisableThreadLibraryCalls
MoveFileW
GetModuleFileNameW
lstrcpynW
CloseHandle
lstrcmpiW
Sleep
LoadLibraryW
SetFilePointer
GetCommandLineW
GetWindowsDirectoryW
CreateThread
OutputDebugStringW
GetFileSize
lstrcpyW
LocalFree
Module32NextW
GetModuleHandleW
FreeLibrary
ExitProcess
GetLastError
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
InterlockedExchange
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
HeapSize
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
CreateProcessW
GlobalLock
WaitForSingleObject
GetLogicalDrives
InitializeCriticalSection
OpenProcess
GetVersionExW
GetExitCodeProcess
GetFileAttributesW
ReadFile
CreateFileW
lstrcmpW
lstrlenW
GlobalUnlock
GetCurrentDirectoryW
FindClose
GetLocalTime
Process32FirstW
QueryDosDeviceW
Module32FirstW
Process32NextW
GetModuleHandleA
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
WriteConsoleW

user32

SendDlgItemMessageW
GetDlgItem
SetFocus
DialogBoxIndirectParamW
MessageBoxW
IsWindow
EnumChildWindows
SetDlgItemTextW
GetWindowLongW
GetWindowRect
GetParent
SetWindowLongW
EndDialog
GetDesktopWindow
SendMessageTimeoutW
SendMessageW
MoveWindow
GetForegroundWindow
FindWindowW
LoadIconW
IsWindowEnabled
PostMessageW

iphlpapi

GetAdaptersInfo

shlwapi

wnsprintfW
PathFileExistsW
PathFindFileNameW
StrStrIW
PathAppendW
PathRemoveExtensionW
wvnsprintfW
PathIsDirectoryW
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
wnsprintfA
wvnsprintfA
StrRChrW
SHDeleteValueA

ws2_32

ntohl
WSAStartup

psapi

GetProcessImageFileNameW

dnsapi

DnsFree
DnsQuery_A

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenSCManagerW
OpenServiceW
RegCreateKeyExW
InitializeSecurityDescriptor
LookupPrivilegeValueW
RegCloseKey
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
FreeSid

shell32

CommandLineToArgvW
ord165

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoCreateGuid
CoCreateInstance
GetHGlobalFromStream

oleaut32

SysFreeString
VariantChangeType
VariantInit
VariantClear
SysAllocString

Exports

Exports

CheckInstallEnv
CheckInstallEnvSilent
InstallPcap
IsDot1xInstaller
IsPcapInstalled
IsWindow7
OnInstallSuccess
ParseInstallerName
PreInstall
PreStartService

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shlext32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

b94829c0c556592749ab5abe779f6c7e

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:76:47:2f:39:53:90:bc:23:ef:dd:dc:4d:cb:f6:c8:29:fc:62:1e:bb:2f:40:d5:87:2b:65:45:ee:91:8d:77
Signer

Actual PE Digest

58:76:47:2f:39:53:90:bc:23:ef:dd:dc:4d:cb:f6:c8:29:fc:62:1e:bb:2f:40:d5:87:2b:65:45:ee:91:8d:77

Digest Algorithm

sha256

PE Digest Matches

true

e1:55:27:d3:4d:1a:62:19:64:29:ac:30:3e:e5:54:9d:b1:8f:cd:82
Signer

Actual PE Digest

e1:55:27:d3:4d:1a:62:19:64:29:ac:30:3e:e5:54:9d:b1:8f:cd:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\shlext\Release\shlext32.pdb

Imports

kernel32

GetCurrentProcess
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFileTime
GetCurrentThreadId
DisableThreadLibraryCalls
lstrcmpA
CreateEventW
GetTempPathW
SetLastError
WaitForSingleObject
GetExitCodeProcess
OutputDebugStringW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetExitCodeThread
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
LoadLibraryW
lstrcmpiW
GetLastError
DeleteCriticalSection
RaiseException
GetFileAttributesW
CopyFileW
CreateThread
InitializeCriticalSection
Sleep
GetCurrentProcessId
GetThreadLocale
SetThreadLocale
lstrcpyW
GetSystemDirectoryW
GetModuleHandleW
GetFileSize
OutputDebugStringA
MoveFileExW
GetWindowsDirectoryW
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesExW
SetEvent
CreateFileW
MultiByteToWideChar
GetFileTime
GetProcAddress
lstrcatW
GlobalSize
GlobalLock
GlobalUnlock
TerminateThread
CloseHandle
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
GetLocalTime
GetLogicalDrives
GetDriveTypeW
SetFilePointer
lstrcpyA
SetFileAttributesW
LocalFree
FileTimeToLocalFileTime
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
FindNextFileW
GetModuleHandleA
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
lstrcmpW
ReadFile
FileTimeToSystemTime
OpenProcess
GetDriveTypeA
IsBadReadPtr
SetFilePointerEx
CreateProcessW
SetEndOfFile
lstrcpynA
VirtualQuery
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CreateFileA
GetTempFileNameW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDiskFreeSpaceExW
MoveFileW
lstrlenW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapSize
ExitProcess
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleW

user32

CloseClipboard
GetForegroundWindow
GetClipboardOwner
IsWindow
OpenClipboard
DefWindowProcW
ChangeClipboardChain
SendMessageW
GetWindowThreadProcessId
GetClipboardData
RegisterClipboardFormatW
ExitWindowsEx
CreateMenu
InsertMenuW
SetMenuItemBitmaps
DeleteMenu
DestroyMenu
GetSystemMetrics
SetRect
SetClipboardViewer
GetIconInfo
LoadImageW
GetDC
FillRect
DrawIconEx
ReleaseDC
DestroyIcon
GetDlgItem
SetPropW
ShowWindow
GetClientRect
GetPropW
CharNextW
LoadIconW
LoadCursorW
DispatchMessageW
DestroyWindow
PostQuitMessage
MessageBoxW
PostMessageW
FindWindowW
RegisterClassExW
CreateWindowExW
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageA
SetTimer

gdi32

DeleteObject
GetDIBits
CreateBitmap
CreateCompatibleDC
SelectObject
DeleteDC
GetStockObject
CreateDIBSection

advapi32

DeleteService
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateLoggedOnUser
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
FreeSid
RegEnumValueW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
GetTokenInformation
EqualSid
CreateProcessAsUserW
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW

shell32

ShellExecuteW
DragQueryFileW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord165

ole32

CoCreateGuid
StringFromGUID2
ReleaseStgMedium
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysAllocString

gdiplus

GdipGetImageEncodersSize
GdipSaveImageToFile
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdiplusStartup
GdipGetImageEncoders

shlwapi

wvnsprintfA
wnsprintfA
SHDeleteValueW
SHDeleteKeyW
PathFindFileNameW
PathFileExistsW
wnsprintfW
PathAppendW
PathFindExtensionW
PathAddBackslashW
StrStrW
StrCmpNW
StrStrIW
PathIsDirectoryW
StrChrA
SHSetValueW
SHGetValueW
StrChrW
PathRemoveFileSpecW
SHGetValueA
wvnsprintfW
StrCmpNIW

wtsapi32

WTSQueryUserToken

ws2_32

htons
WSAStartup
socket
sendto

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
ExecClient

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shlext64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

b5b2da8d31be8f8293e96e8739241849

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:c3:40:18:d2:77:31:5d:5e:80:7b:99:a8:ac:dd:c1:89:0e:82:7d:96:da:e4:2f:7a:09:02:56:6e:64:38:4c
Signer

Actual PE Digest

bf:c3:40:18:d2:77:31:5d:5e:80:7b:99:a8:ac:dd:c1:89:0e:82:7d:96:da:e4:2f:7a:09:02:56:6e:64:38:4c

Digest Algorithm

sha256

PE Digest Matches

true

b0:fb:9a:f1:b9:70:9d:06:ec:ab:05:93:31:17:1f:0e:cc:e7:2a:c4
Signer

Actual PE Digest

b0:fb:9a:f1:b9:70:9d:06:ec:ab:05:93:31:17:1f:0e:cc:e7:2a:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\shlext\Release\shlext64.pdb

Imports

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
CreateFileW
GetFileTime
SetFileTime
GetCurrentThreadId
DisableThreadLibraryCalls
lstrcmpA
CreateEventW
GetTempPathW
SetLastError
OutputDebugStringW
WaitForSingleObject
GetExitCodeProcess
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrcmpiW
GetLastError
DeleteCriticalSection
RaiseException
GetFileAttributesW
CopyFileW
CreateThread
InitializeCriticalSection
Sleep
GetCurrentProcessId
GetCurrentProcess
GetExitCodeThread
GetThreadLocale
GetSystemDirectoryW
MoveFileW
GetFileSize
GetModuleHandleW
MoveFileExW
GetWindowsDirectoryW
SetThreadLocale
lstrcpyW
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesExW
MultiByteToWideChar
SetEvent
GetProcAddress
lstrcatW
GlobalSize
GlobalLock
GlobalUnlock
TerminateThread
CloseHandle
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
GetLocalTime
GetLogicalDrives
GetDriveTypeW
SetFilePointer
lstrcpyA
SetFileAttributesW
LocalFree
FileTimeToLocalFileTime
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
FindNextFileW
GetModuleHandleA
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
lstrcmpW
ReadFile
FileTimeToSystemTime
OpenProcess
GetDriveTypeA
IsBadReadPtr
SetFilePointerEx
CreateProcessW
SetEndOfFile
lstrcpynA
VirtualQuery
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CreateFileA
GetTempFileNameW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetDiskFreeSpaceExW
OutputDebugStringA
lstrlenW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
FlsSetValue
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
WriteConsoleW

user32

GetForegroundWindow
GetClipboardOwner
IsWindow
CloseClipboard
OpenClipboard
DefWindowProcW
ChangeClipboardChain
SendMessageW
GetWindowThreadProcessId
GetClipboardData
RegisterClipboardFormatW
ExitWindowsEx
CreateMenu
InsertMenuW
SetMenuItemBitmaps
DeleteMenu
DestroyMenu
GetSystemMetrics
SetRect
GetIconInfo
SetClipboardViewer
LoadImageW
GetDC
FillRect
DrawIconEx
ReleaseDC
DestroyIcon
GetDlgItem
SetPropW
ShowWindow
GetClientRect
GetPropW
CharNextW
LoadIconW
LoadCursorW
DispatchMessageW
DestroyWindow
PostQuitMessage
MessageBoxW
PostMessageW
FindWindowW
RegisterClassExW
CreateWindowExW
UpdateWindow
TranslateMessage
DispatchMessageA
GetMessageW
SetTimer

gdi32

DeleteObject
GetDIBits
CreateBitmap
CreateCompatibleDC
SelectObject
DeleteDC
GetStockObject
CreateDIBSection

advapi32

DeleteService
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateLoggedOnUser
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
FreeSid
RegEnumValueW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
GetTokenInformation
EqualSid
CreateProcessAsUserW
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW

shell32

ShellExecuteW
DragQueryFileW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord165

ole32

CoCreateGuid
StringFromGUID2
ReleaseStgMedium
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysAllocString

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToFile
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdiplusStartup

shlwapi

wvnsprintfA
wnsprintfA
StrChrA
SHDeleteValueW
SHDeleteKeyW
PathFindFileNameW
PathFileExistsW
wnsprintfW
PathAppendW
PathFindExtensionW
PathAddBackslashW
StrStrW
StrCmpNW
StrStrIW
PathIsDirectoryW
SHSetValueW
SHGetValueW
StrChrW
PathRemoveFileSpecW
SHGetValueA
wvnsprintfW
StrCmpNIW

wtsapi32

WTSQueryUserToken

ws2_32

sendto
htons
WSAStartup
socket

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
ExecClient

Sections

.text
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
siriuv32.dll
.dll windows:5 windows x86 arch:x86

1664b77df688484166e272a0b4ceeb0a

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9a:8d:51:93:ad:a3:d1:83:88:37:1c:62:5d:61:e4:87:e9:9d:05:47:ac:59:69:e8:bd:31:f2:fc:b1:c0:6a:96
Signer

Actual PE Digest

9a:8d:51:93:ad:a3:d1:83:88:37:1c:62:5d:61:e4:87:e9:9d:05:47:ac:59:69:e8:bd:31:f2:fc:b1:c0:6a:96

Digest Algorithm

sha256

PE Digest Matches

true

63:be:f0:ba:50:c9:2e:0c:e4:8f:be:c0:ae:70:03:9d:71:55:c3:cd
Signer

Actual PE Digest

63:be:f0:ba:50:c9:2e:0c:e4:8f:be:c0:ae:70:03:9d:71:55:c3:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\hestia\Release\siriuv32.pdb

Imports

ntdll

NtQueryVirtualMemory

kernel32

lstrcpynA
lstrcpynW
GetCurrentProcess
GetLocalTime
lstrlenW
VirtualQuery
InterlockedIncrement
lstrlenA
LeaveCriticalSection
EnterCriticalSection
MoveFileW
lstrcmpiW
GetModuleHandleW
ExitProcess
TerminateThread
DisableThreadLibraryCalls
GetLastError
Sleep
lstrcmpA
lstrcmpW
GetCurrentProcessId
DeleteCriticalSection
GetProcAddress
CreateThread
LoadLibraryW
CloseHandle
GetCurrentThread
SetEvent
OutputDebugStringW
CreateEventW
GetModuleHandleA
WaitForSingleObject
GetTempPathW
WriteConsoleW
GetConsoleCP
FlushFileBuffers
SetStdHandle
HeapSize
GetConsoleMode
DecodePointer
GetStringTypeW
HeapReAlloc
GetFileType
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
InitializeCriticalSection
GetModuleFileNameW
InterlockedCompareExchange
GetCurrentThreadId
VirtualProtect
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
VirtualFree
SuspendThread
VirtualAlloc
SetLastError
FreeLibrary
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
HeapFree
WriteFile
SetEndOfFile
FindClose
CreateFileW
GetFileAttributesW
OpenEventW
GetACP
CreateToolhelp32Snapshot
MultiByteToWideChar
GetFileAttributesExW
FileTimeToSystemTime
DeleteFileW
lstrcpyA
HeapAlloc
Module32FirstW
SetFilePointerEx
LocalFree
GetProcessHeap
SystemTimeToFileTime
CopyFileW
WideCharToMultiByte
lstrcpyW
Module32NextW
GetTickCount
EncodePointer
RaiseException
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetModuleFileNameA
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

CharLowerBuffW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
IsWindow
GetForegroundWindow
GetClassNameW

shlwapi

StrStrIA
StrStrIW
StrStrA
StrStrW
wnsprintfA
PathRemoveFileSpecW
wvnsprintfW
PathAppendW
PathFindFileNameW
PathFileExistsW
StrChrA
SHGetValueW
StrChrW
SHSetValueW
SHDeleteValueW
wvnsprintfA
PathIsDirectoryW
StrCatW
wnsprintfW

version

GetFileVersionInfoW
VerQueryValueW

advapi32

SetEntriesInAclW
SetSecurityDescriptorDacl
GetUserNameW
RegEnumValueW
RegOpenKeyExW
InitializeSecurityDescriptor
FreeSid
RegEnumKeyExW
AllocateAndInitializeSid
SetFileSecurityW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord165

ole32

CoTaskMemFree
CoCreateGuid

Exports

Exports

F0AE3357

Sections

.text
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
siriuv64.dll
.dll windows:5 windows x64 arch:x64

e22a046379c2024986aa7506fb8be16d

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:ea:b1:f7:25:a5:f8:d5:9a:de:16:b5:66:7e:83:b5:0e:9c:0b:fa:3d:b8:f9:c0:85:57:2f:1c:77:b8:06:e1
Signer

Actual PE Digest

47:ea:b1:f7:25:a5:f8:d5:9a:de:16:b5:66:7e:83:b5:0e:9c:0b:fa:3d:b8:f9:c0:85:57:2f:1c:77:b8:06:e1

Digest Algorithm

sha256

PE Digest Matches

true

09:63:65:41:a6:ef:50:f6:53:4d:f7:16:ea:8b:de:11:14:78:56:76
Signer

Actual PE Digest

09:63:65:41:a6:ef:50:f6:53:4d:f7:16:ea:8b:de:11:14:78:56:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\po\trunk\modules\hestia\Release\siriuv64.pdb

Imports

ntdll

NtQueryVirtualMemory

kernel32

DecodePointer
lstrcpynA
lstrcpynW
GetCurrentProcess
GetLocalTime
lstrlenW
VirtualQuery
lstrlenA
LeaveCriticalSection
EnterCriticalSection
MoveFileW
lstrcmpiW
GetModuleHandleW
ExitProcess
TerminateThread
DisableThreadLibraryCalls
GetLastError
Sleep
lstrcmpA
lstrcmpW
GetCurrentProcessId
DeleteCriticalSection
GetProcAddress
CreateThread
LoadLibraryW
CloseHandle
GetCurrentThread
SetEvent
OutputDebugStringW
CreateEventW
GetModuleHandleA
WaitForSingleObject
GetTempPathW
InitializeCriticalSection
WaitForSingleObjectEx
WriteConsoleW
GetConsoleCP
FlushFileBuffers
SetStdHandle
HeapSize
GetConsoleMode
GetStringTypeW
HeapReAlloc
GetFileType
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
GetModuleFileNameW
ResetEvent
Module32FirstW
GetCurrentThreadId
VirtualProtect
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
VirtualFree
SuspendThread
VirtualAlloc
SetLastError
FreeLibrary
LoadLibraryExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
HeapFree
WriteFile
SetEndOfFile
FindClose
CreateFileW
GetFileAttributesW
OpenEventW
GetACP
CreateToolhelp32Snapshot
MultiByteToWideChar
GetFileAttributesExW
FileTimeToSystemTime
DeleteFileW
lstrcpyA
HeapAlloc
SetFilePointerEx
LocalFree
GetProcessHeap
SystemTimeToFileTime
CopyFileW
WideCharToMultiByte
lstrcpyW
Module32NextW
GetTickCount
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetModuleFileNameA
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA

user32

CharLowerBuffW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
IsWindow
GetForegroundWindow
GetClassNameW

shlwapi

PathFileExistsW
PathFindFileNameW
PathAppendW
StrStrIW
StrStrA
StrStrW
wnsprintfA
PathRemoveFileSpecW
wvnsprintfW
StrChrA
SHGetValueW
StrChrW
SHSetValueW
SHDeleteValueW
wvnsprintfA
PathIsDirectoryW
StrCatW
wnsprintfW
StrStrIA

version

VerQueryValueW
GetFileVersionInfoW

advapi32

GetUserNameW
RegEnumValueW
RegOpenKeyExW
InitializeSecurityDescriptor
FreeSid
RegEnumKeyExW
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
RegCloseKey
SetSecurityDescriptorDacl

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord165

ole32

CoTaskMemFree
CoCreateGuid

Exports

Exports

F0AE3357

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skin/bakviewer
.zip
backup.png
.png
backup_menu.xml
backup_menu_console.xml
bakmgr.xml
.xml
clear.png
.png
close.png
.png
close_h.png
.png
close_p.png
.png
decrypt.png
.png
delete.png
.png
desktop.png
.png
directory.png
.png
download.png
.png
drive.png
.png
execute.png
.png
file_menu.xml
list_header_bg.png
.png
list_header_sep.png
.png
listitem_general.xml
.xml
recover.png
.png
refresh.png
.png
scroll.png
.png
treeview_expand.png
.png
skin/clientinfo
.zip
clear.png
.png
clientinfo.png
.png
clientinfownd.xml
.xml
close.png
.png
close_h.png
.png
close_p.png
.png
copycid.png
.png
delbtn.png
.png
delbtn_h.png
.png
edit_ci.png
.png
edit_hardware.png
.png
editinput.png
.png
editinput1.png
.png
hardwarecustomwnd.xml
.xml
import_rule.png
.png
initinfownd.xml
.xml
savebtn.png
.png
savebtn_h.png
.png
scroll.png
.png
search.png
.png
treeview_expand.png
.png
view_reqcode.png
.png
view_rule.png
.png
skin/dtescanner
.zip
ListItem.xml
.xml
btnbk_normal.png
.png
btnnormal.png
.png
btnnormal_h.png
.png
checkbox.png
.png
checkbox_hover.png
.png
checkbox_sel.png
.png
clientinfo.png
.png
close.png
.png
close_h.png
.png
close_p.png
.png
directory.png
.png
dtescanner.png
.png
dtescanner.xml
.xml
scroll.png
.png
skin/enced_normal.ico
skin/enced_offline.ico
skin/enced_unauthorized.ico
skin/gxlogo.png
.png
skin/gxonecli
.zip
account.png
.png
account_h.png
.png
addcustomtoolwnd.xml
.xml
addimage.png
.png
addoninfo.png
.png
addoninfo_item.xml
.xml
addoninfownd.xml
.xml
addtool.png
.png
addtooltitle.png
.png
backup.png
.png
btnbk_normal.png
.png
btnnormal.png
.png
btnnormal_h.png
.png
burnrequest.png
.png
changedep.png
.png
changeinfo.png
.png
checkbox.png
.png
checkbox_h.png
.png
checkbox_s.png
.png
clearrule.png
.png
client.png
.png
client_h.png
.png
clientcaseviewer.png
.png
close.png
.png
close_h.png
.png
close_p.png
.png
combo.png
.png
copycid.png
.png
decfile.png
.png
decmailreq.png
.png
decrypt.png
.png
docwmadd.png
.png
docwmremove.png
.png
dtemigrate.png
.png
dteproc_item.xml
.xml
dtescanner.png
.png
dtestate.png
.png
dtestatewnd.xml
.xml
edit_border.png
.png
edit_border_h.png
.png
encfile.png
.png
gooxion_blue.png
.png
gooxion_orange.png
.png
gxonecliwnd.xml
.xml
item_button.xml
.xml
keymanage.png
.png
localtool.png
.png
login.png
.png
login_background.jpg
.jpg
logoff.png
.png
menu.xml
.xml
netshare.png
.png
officemode.png
.png
offline.png
.png
patchdown.png
.png
personmode.png
.png
pochat.png
.png
posoftmgr.png
.png
rcsess_item.xml
.xml
rcsesswnd.xml
.xml
remotecontrolrequest.png
.png
search.png
.png
showappqrcode.png
.png
sscanner.png
.png
sscreator.png
.png
updaterule.png
.png
usbwrite.png
.png
userloginwnd.xml
.xml
view.png
.png
webtool.png
.png
worksheet.png
.png
ztapps.png
.png
skin/pochat
.zip
add_session_friend.png
.png
avatar_admin.png
.png
avatar_admin_42.png
.png
avatar_admin_offline.png
.png
avatar_client.png
.png
avatar_client_42.png
.png
avatar_client_offline.png
.png
chatarea.xml
.xml
chatbk.png
.png
chatwnd.xml
.xml
cms_failed.png
.png
cms_ok.png
.png
cms_sending.png
.png
emoji.png
.png
emoji_active.png
.png
emoji_hover.png
.png
listitem_friend.xml
.xml
listitem_friendmsg.xml
.xml
listitem_mymsg.xml
.xml
listitem_session.xml
.xml
more.png
.png
screenshot.png
.png
screenshot_active.png
.png
screenshot_hover.png
.png
scrollbar.png
.png
send_file.png
.png
send_file_active.png
.png
send_file_hover.png
.png
tabbar_chat.png
.png
tabbar_chat_pressed.png
.png
tabbar_config.png
.png
tabbar_config_hover.png
.png
tabbar_friend.png
.png
tabbar_friend_pressed.png
.png
topbar_close.png
.png
topbar_close_click.png
.png
topbar_close_hover.png
.png
skin/posoftmgr
.zip
skin/shlext
.zip
skin/sscannerwnd
.zip
skin/sscreator
.zip
skin/sswallpaper.jpg
.jpg
skin/wfchost
.zip
skin/wfviewer
.zip
skin/woumgr
.zip
sqlcipher32.dll
.dll windows:5 windows x86 arch:x86

11ef71a9e5186f8b4096ae75c3b760e9

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:2d:ba:3b:61:40:48:27:81:41:b9:50:a9:39:e5:f5:b7:d2:e6:e4:fb:53:99:52:c4:2f:8f:5d:f5:e2:2b:07
Signer

Actual PE Digest

5c:2d:ba:3b:61:40:48:27:81:41:b9:50:a9:39:e5:f5:b7:d2:e6:e4:fb:53:99:52:c4:2f:8f:5d:f5:e2:2b:07

Digest Algorithm

sha256

PE Digest Matches

true

1d:64:5f:8f:ec:94:c9:9f:3a:89:20:cc:e6:5a:ff:1c:17:e7:a3:e0
Signer

Actual PE Digest

1d:64:5f:8f:ec:94:c9:9f:3a:89:20:cc:e6:5a:ff:1c:17:e7:a3:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\libs\sqlcipher\project\Release\sqlcipher32.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
VirtualUnlock
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
VirtualLock
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleHandleA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
ExitThread
CreateThread
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

libeay32

ord363
ord2572
ord3877
ord188
ord298
ord315
ord181
ord2602
ord259
ord3844
ord3816
ord3315
ord464
ord964
ord3212
ord3313
ord3873
ord3783
ord2915
ord3019
ord2784
ord3782
ord333
ord4515
ord3836
ord2201
ord965
ord2747

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlcipher64.dll
.dll windows:5 windows x64 arch:x64

744f480b483346d8c57ec6b10f070f06

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d0:f0:a7:67:d7:7d:20:34:ec:a4:c1:5a:51:8d:b6:ff:99:89:60:f4:e0:72:58:28:0f:b6:ef:99:7f:06:6b:0c
Signer

Actual PE Digest

d0:f0:a7:67:d7:7d:20:34:ec:a4:c1:5a:51:8d:b6:ff:99:89:60:f4:e0:72:58:28:0f:b6:ef:99:7f:06:6b:0c

Digest Algorithm

sha256

PE Digest Matches

true

9a:72:ad:df:08:3a:c9:66:03:bc:6d:be:6f:e1:ab:ee:96:72:f6:f4
Signer

Actual PE Digest

9a:72:ad:df:08:3a:c9:66:03:bc:6d:be:6f:e1:ab:ee:96:72:f6:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\libs\sqlcipher\project\Release\sqlcipher64.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
VirtualUnlock
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
VirtualLock
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
CompareStringW
CompareStringA
SetStdHandle
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
FreeEnvironmentStringsA

libeay64

ord363
ord2572
ord3877
ord188
ord298
ord315
ord181
ord2602
ord259
ord3844
ord3816
ord3315
ord464
ord964
ord3212
ord3313
ord3873
ord3783
ord2915
ord2747
ord2784
ord3782
ord333
ord4515
ord3836
ord2201
ord965
ord3019

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sscanner32.dll
.dll windows:5 windows x86 arch:x86

20a1de01a9cc51c4a7be8f173018467b

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:2b:48:16:42:b7:85:24:39:38:65:e4:17:7b:1d:0a:22:82:df:33:a8:40:3d:82:16:56:57:68:a0:f0:f5:25
Signer

Actual PE Digest

0c:2b:48:16:42:b7:85:24:39:38:65:e4:17:7b:1d:0a:22:82:df:33:a8:40:3d:82:16:56:57:68:a0:f0:f5:25

Digest Algorithm

sha256

PE Digest Matches

true

c6:be:23:ee:d8:69:ba:42:f3:f4:4c:c6:a6:d8:2b:45:85:6b:f1:c3
Signer

Actual PE Digest

c6:be:23:ee:d8:69:ba:42:f3:f4:4c:c6:a6:d8:2b:45:85:6b:f1:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\sscanner\Release\sscanner32.pdb

Imports

kernel32

lstrcmpiW
GetFileAttributesW
GetTickCount
CreateThread
GetCurrentProcessId
GetLocalTime
GetModuleFileNameW
Sleep
SetEvent
LocalFree
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
DeleteFileW
CloseHandle
GetProcAddress
GetLastError
GetTempPathW
LoadLibraryW
GetModuleHandleW
WaitForSingleObject
GetVersionExW
lstrcpyW
lstrcpynW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
HeapSize
LCMapStringW
DisableThreadLibraryCalls
lstrcmpiA
lstrcmpA
lstrlenW
SetLastError
GetModuleHandleA
GetCurrentThreadId
lstrcpyA
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetLogicalDrives
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
TerminateProcess
ReadFile
CreateFileW
GetACP
lstrcmpW
MultiByteToWideChar
GetCurrentDirectoryW
EnterCriticalSection
FindClose
LoadLibraryA
Process32FirstW
CreateEventW
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA

advapi32

SetSecurityDescriptorDacl
SetEntriesInAclW
FreeSid
ControlService
InitializeSecurityDescriptor
StartServiceW
QueryServiceStatus
AllocateAndInitializeSid
LogonUserW
GetUserNameW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
EnumServicesStatusW
QueryServiceConfigW

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

ole32

CoUninitialize
CoCreateGuid
CoTaskMemFree
CoInitialize
CoCreateInstance

netapi32

NetUserSetInfo
NetUserGetInfo
NetApiBufferFree

iphlpapi

GetExtendedTcpTable

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

shlwapi

StrCatBuffW
StrStrW
PathFindFileNameW
StrStrIW
PathFileExistsW
PathAppendW
StrCatW
SHSetValueW
StrCmpNIW
SHGetValueW
StrChrW
wvnsprintfW
wnsprintfA
wvnsprintfA
PathIsDirectoryW
PathRemoveFileSpecW
wnsprintfW
PathMatchSpecW

ws2_32

inet_ntoa
htons

psapi

GetProcessImageFileNameW

Exports

Exports

DbgProc

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sscanner64.dll
.dll windows:5 windows x64 arch:x64

85a713c4fcaf508085e1c9441b7a4ac7

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:3b:73:4e:2c:9b:cb:2d:7a:67:4f:17:19:6b:5e:17:0e:30:57:7e:94:de:4a:6f:4e:df:4d:8e:a0:f7:dc:bb
Signer

Actual PE Digest

da:3b:73:4e:2c:9b:cb:2d:7a:67:4f:17:19:6b:5e:17:0e:30:57:7e:94:de:4a:6f:4e:df:4d:8e:a0:f7:dc:bb

Digest Algorithm

sha256

PE Digest Matches

true

2e:5d:fb:9b:11:9e:92:a1:cf:2f:69:f4:77:a1:31:f9:8c:6f:fa:7c
Signer

Actual PE Digest

2e:5d:fb:9b:11:9e:92:a1:cf:2f:69:f4:77:a1:31:f9:8c:6f:fa:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\sscanner\Release\sscanner64.pdb

Imports

kernel32

lstrcmpiW
GetFileAttributesW
GetTickCount
CreateThread
GetCurrentProcessId
GetLocalTime
GetModuleFileNameW
Sleep
SetEvent
LocalFree
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
DeleteFileW
CloseHandle
GetProcAddress
GetLastError
GetTempPathW
LoadLibraryW
GetModuleHandleW
WaitForSingleObject
GetVersionExW
lstrcpyW
lstrcpynW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
HeapSetInformation
ExitProcess
HeapSize
LCMapStringW
LCMapStringA
IsValidCodePage
DisableThreadLibraryCalls
lstrcmpiA
lstrcmpA
lstrlenW
SetLastError
GetModuleHandleA
GetCurrentThreadId
lstrcpyA
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetLogicalDrives
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
TerminateProcess
ReadFile
CreateFileW
GetACP
lstrcmpW
MultiByteToWideChar
GetCurrentDirectoryW
EnterCriticalSection
FindClose
LoadLibraryA
Process32FirstW
CreateEventW
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetOEMCP

advapi32

SetSecurityDescriptorDacl
SetEntriesInAclW
FreeSid
ControlService
InitializeSecurityDescriptor
StartServiceW
QueryServiceStatus
AllocateAndInitializeSid
LogonUserW
GetUserNameW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
EnumServicesStatusW
QueryServiceConfigW

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
ord165

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree

netapi32

NetUserSetInfo
NetApiBufferFree
NetUserGetInfo

iphlpapi

GetExtendedTcpTable

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CertGetNameStringW

shlwapi

StrStrW
PathFindFileNameW
StrStrIW
PathFileExistsW
PathAppendW
PathMatchSpecW
StrCatBuffW
StrCatW
SHSetValueW
StrCmpNIW
SHGetValueW
StrChrW
wvnsprintfW
wnsprintfA
wvnsprintfA
PathIsDirectoryW
wnsprintfW
PathRemoveFileSpecW

ws2_32

htons
inet_ntoa

psapi

GetProcessImageFileNameW

Exports

Exports

DbgProc

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssleay32.dll
.dll windows:5 windows x86 arch:x86

bb97df0f2e9321ec4e2256179b5b9c2c

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:9d:1a:13:bd:f7:cb:77:51:1e:e5:cd:06:e1:2d:24
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/08/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ae:6d:bb:e5:f1:95:e4:e1:77:47:a4:ee:de:a4:f1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/08/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:3a:68:99:e7:bb:00:bd:39:9b:f9:5a:13:73:94:60:51:9a:e9:94:6f:ef:f4:3d:65:32:7d:f3:a1:f3:76:ba
Signer

Actual PE Digest

cd:3a:68:99:e7:bb:00:bd:39:9b:f9:5a:13:73:94:60:51:9a:e9:94:6f:ef:f4:3d:65:32:7d:f3:a1:f3:76:ba

Digest Algorithm

sha256

PE Digest Matches

true

0a:c6:da:50:f9:52:74:4e:d3:9a:8b:8c:49:f7:fd:c0:62:9a:30:29
Signer

Actual PE Digest

0a:c6:da:50:f9:52:74:4e:d3:9a:8b:8c:49:f7:fd:c0:62:9a:30:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\libs\openssl-1.0.2o\out32dll\ssleay32.pdb

Imports

libeay32

ord2894
ord2927
ord2784
ord256
ord168
ord2747
ord961
ord167
ord169
ord3844
ord3837
ord3896
ord2201
ord904
ord176
ord282
ord572
ord3165
ord3489
ord1071
ord2925
ord268
ord316
ord363
ord2712
ord4164
ord493
ord4262
ord3719
ord216
ord333
ord4125
ord4470
ord1010
ord4046
ord3682
ord2877
ord3711
ord129
ord124
ord1000
ord125
ord150
ord205
ord486
ord484
ord577
ord763
ord907
ord87
ord3450
ord2107
ord2063
ord283
ord3418
ord481
ord323
ord2915
ord3836
ord3873
ord1096
ord1097
ord3244
ord3874
ord3816
ord3888
ord109
ord2589
ord78
ord95
ord3891
ord89
ord1145
ord1144
ord3906
ord1081
ord2292
ord3823
ord3846
ord187
ord3857
ord267
ord3675
ord3737
ord3633
ord3631
ord3664
ord3479
ord1011
ord341
ord1012
ord503
ord359
ord365
ord4684
ord3192
ord3388
ord3528
ord2568
ord3312
ord3922
ord2898
ord264
ord266
ord3067
ord3313
ord3314
ord4210
ord4701
ord653
ord4692
ord3925
ord541
ord2702
ord3124
ord4372
ord4144
ord4174
ord2400
ord3782
ord1202
ord193
ord3866
ord3704
ord3758
ord3767
ord3647
ord3766
ord3365
ord4114
ord3460
ord3783
ord3454
ord3754
ord3394
ord897
ord3414
ord3495
ord3610
ord67
ord65
ord53
ord3315
ord3826
ord3559
ord3399
ord636
ord2257
ord914
ord2478
ord626
ord890
ord1004
ord3527
ord4513
ord364
ord2051
ord206
ord497
ord85
ord58
ord630
ord628
ord1041
ord1007
ord1005
ord4331
ord1027
ord3437
ord629
ord892
ord74
ord248
ord3378
ord1655
ord575
ord1025
ord246
ord1100
ord4693
ord2135
ord622
ord679
ord2524
ord3505
ord3595
ord1023
ord2451
ord623
ord657
ord401
ord93
ord911
ord3396
ord3657
ord857
ord908
ord680
ord1016
ord2204
ord3205
ord624
ord128
ord4045
ord2475
ord368
ord367
ord370
ord369
ord887
ord889
ord891
ord4320
ord4383
ord315
ord1671
ord1147
ord189
ord314
ord956
ord280
ord2181
ord399
ord748
ord279
ord400
ord751
ord750
ord394
ord774
ord1959
ord37
ord35
ord824
ord822
ord8
ord1091
ord3700
ord3623
ord718
ord7
ord716
ord703
ord2426
ord86
ord88
ord3724
ord313
ord1101
ord293
ord3914
ord3807
ord3795
ord4740
ord4731
ord4656
ord4637
ord4615
ord4601
ord2996
ord3155
ord959
ord325
ord329
ord318
ord304
ord292
ord299
ord395
ord955
ord2252
ord91
ord247
ord225
ord4578
ord4572
ord4576
ord4570
ord4573
ord4582
ord4575
ord4577
ord4584
ord4580
ord4581
ord2572
ord3899
ord276
ord274
ord964
ord965
ord2411
ord754
ord910
ord641
ord912
ord909
ord635
ord52
ord290
ord498
ord219
ord3666
ord4474
ord4369
ord66
ord464
ord490
ord3245
ord654
ord967
ord2128
ord281
ord118
ord201
ord123
ord202
ord3663
ord3512
ord3459
ord2924
ord3010
ord2578
ord3644
ord2929
ord3422
ord3513
ord170
ord165
ord4119
ord4245
ord4488
ord222
ord32
ord1070
ord4233
ord4430
ord866
ord2630
ord2760
ord4540
ord203
ord3353
ord3729
ord3480
ord3608
ord3550
ord3575
ord3570
ord3695
ord3178
ord188
ord111
ord110
ord151
ord285
ord3239
ord120
ord181
ord3883
ord3109
ord269
ord2936
ord495
ord2821
ord289
ord252
ord1654
ord1653
ord905
ord98
ord903

kernel32

CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
HeapSize
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
VirtualAlloc
HeapReAlloc
HeapAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
WriteFile
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleW
HeapFree
Sleep
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetLastError
GetSystemTime
SystemTimeToFileTime
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLS_client_method
DTLS_method
DTLS_server_method
DTLSv1_2_client_method
DTLSv1_2_method
DTLSv1_2_server_method
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_find
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_free_compression_methods
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_COMP_set0_compression_methods
SSL_CONF_CTX_clear_flags
SSL_CONF_CTX_finish
SSL_CONF_CTX_free
SSL_CONF_CTX_new
SSL_CONF_CTX_set1_prefix
SSL_CONF_CTX_set_flags
SSL_CONF_CTX_set_ssl
SSL_CONF_CTX_set_ssl_ctx
SSL_CONF_cmd
SSL_CONF_cmd_argv
SSL_CONF_cmd_value_type
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_client_custom_ext
SSL_CTX_add_server_custom_ext
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get0_certificate
SSL_CTX_get0_param
SSL_CTX_get0_privatekey
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_ssl_method
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_cert_cb
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_CTX_use_serverinfo
SSL_CTX_use_serverinfo_file
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_certs_clear
SSL_check_chain
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_extension_supported
SSL_free
SSL_get0_alpn_selected
SSL_get0_next_proto_negotiated
SSL_get0_param
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shared_sigalgs
SSL_get_shutdown
SSL_get_sigalgs
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_is_server
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_alpn_protos
SSL_set_bio
SSL_set_cert_cb
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl3_ciphers

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssleay64.dll
.dll windows:5 windows x64 arch:x64

e1dea7569813bf7f47c70de61bfd4400

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2d:8c:51:24:3c:49:35:1a:b9:89:cc:ef:19:b5:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:32:1b:2f:09:51:17:12:b7:8d:17:f3:10:b1:c6:24:a2:44:17:15:c8:b5:a7:e6:bf:80:9f:9d:13:6d:66:8f
Signer

Actual PE Digest

5e:32:1b:2f:09:51:17:12:b7:8d:17:f3:10:b1:c6:24:a2:44:17:15:c8:b5:a7:e6:bf:80:9f:9d:13:6d:66:8f

Digest Algorithm

sha256

PE Digest Matches

true

64:b3:ff:7b:f2:40:07:45:98:9b:22:67:3e:92:43:4d:b1:e8:fd:df
Signer

Actual PE Digest

64:b3:ff:7b:f2:40:07:45:98:9b:22:67:3e:92:43:4d:b1:e8:fd:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\libs\openssl-1.0.2o\out32dll\ssleay64.pdb

Imports

libeay64

ord2927
ord2784
ord256
ord168
ord2747
ord961
ord167
ord169
ord3844
ord3837
ord3896
ord2201
ord904
ord176
ord282
ord572
ord3165
ord3489
ord1071
ord2925
ord268
ord316
ord363
ord2712
ord4164
ord493
ord4262
ord3719
ord216
ord333
ord4125
ord4470
ord1010
ord4046
ord3682
ord2877
ord3711
ord129
ord124
ord1000
ord125
ord150
ord205
ord486
ord484
ord577
ord763
ord907
ord87
ord3450
ord2107
ord2063
ord283
ord3418
ord481
ord323
ord2915
ord3836
ord3873
ord1096
ord1097
ord3244
ord3874
ord3816
ord3888
ord109
ord2589
ord78
ord95
ord3891
ord89
ord1145
ord1144
ord3906
ord1081
ord2292
ord3823
ord3846
ord3866
ord2400
ord3857
ord187
ord267
ord3633
ord3631
ord3675
ord3737
ord1011
ord341
ord1012
ord503
ord3664
ord3479
ord359
ord365
ord4684
ord3192
ord3388
ord3528
ord2568
ord3312
ord3922
ord2898
ord264
ord266
ord3067
ord3313
ord3314
ord4210
ord4701
ord653
ord4692
ord3925
ord541
ord2702
ord3124
ord4372
ord4144
ord4174
ord3782
ord1202
ord193
ord3704
ord3758
ord3767
ord3647
ord3766
ord3365
ord4114
ord3460
ord3783
ord3454
ord3754
ord3394
ord897
ord3414
ord3495
ord3610
ord67
ord65
ord53
ord98
ord2894
ord3559
ord3399
ord636
ord2257
ord914
ord2478
ord626
ord890
ord1004
ord3527
ord4513
ord364
ord2051
ord206
ord497
ord85
ord58
ord630
ord628
ord1041
ord1007
ord1005
ord4331
ord1027
ord3437
ord629
ord892
ord74
ord248
ord3378
ord1655
ord575
ord1025
ord246
ord1100
ord4693
ord2135
ord622
ord679
ord2524
ord3505
ord3595
ord1023
ord2451
ord623
ord657
ord401
ord93
ord911
ord3396
ord3657
ord857
ord908
ord680
ord1016
ord2204
ord3205
ord624
ord128
ord4045
ord2475
ord368
ord367
ord370
ord369
ord887
ord889
ord891
ord4320
ord4383
ord315
ord1671
ord1147
ord189
ord314
ord956
ord280
ord2181
ord399
ord748
ord279
ord400
ord751
ord750
ord394
ord774
ord1959
ord37
ord35
ord824
ord822
ord8
ord1091
ord3700
ord3623
ord718
ord7
ord716
ord703
ord2426
ord86
ord88
ord3724
ord313
ord1101
ord293
ord3914
ord3807
ord3795
ord4740
ord4731
ord4656
ord4637
ord4615
ord4601
ord2996
ord3155
ord959
ord325
ord329
ord318
ord304
ord292
ord299
ord395
ord955
ord2252
ord91
ord247
ord225
ord4578
ord4572
ord4576
ord4570
ord4573
ord4582
ord4575
ord4577
ord4584
ord4580
ord4581
ord3315
ord2572
ord3899
ord276
ord274
ord964
ord965
ord2411
ord754
ord910
ord641
ord912
ord909
ord635
ord52
ord290
ord498
ord219
ord3666
ord4474
ord4369
ord66
ord464
ord490
ord3245
ord654
ord967
ord2128
ord281
ord118
ord201
ord123
ord202
ord3663
ord3512
ord3459
ord2924
ord3010
ord2578
ord3644
ord2929
ord3422
ord3513
ord170
ord165
ord4119
ord4245
ord4488
ord222
ord32
ord1070
ord4233
ord4430
ord866
ord2630
ord2760
ord4540
ord203
ord3353
ord3729
ord3480
ord3608
ord3550
ord3575
ord3570
ord3695
ord3178
ord188
ord111
ord110
ord151
ord285
ord3239
ord120
ord181
ord3883
ord3109
ord269
ord2936
ord495
ord2821
ord289
ord252
ord1654
ord1653
ord905
ord3826
ord903

kernel32

CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
HeapSize
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
HeapReAlloc
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
WriteFile
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
ExitProcess
GetProcAddress
GetModuleHandleW
HeapFree
Sleep
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
RtlCaptureContext
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetLastError
GetSystemTime
SystemTimeToFileTime
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLS_client_method
DTLS_method
DTLS_server_method
DTLSv1_2_client_method
DTLSv1_2_method
DTLSv1_2_server_method
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_find
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_free_compression_methods
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_COMP_set0_compression_methods
SSL_CONF_CTX_clear_flags
SSL_CONF_CTX_finish
SSL_CONF_CTX_free
SSL_CONF_CTX_new
SSL_CONF_CTX_set1_prefix
SSL_CONF_CTX_set_flags
SSL_CONF_CTX_set_ssl
SSL_CONF_CTX_set_ssl_ctx
SSL_CONF_cmd
SSL_CONF_cmd_argv
SSL_CONF_cmd_value_type
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_client_custom_ext
SSL_CTX_add_server_custom_ext
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get0_certificate
SSL_CTX_get0_param
SSL_CTX_get0_privatekey
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_ssl_method
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_cert_cb
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_CTX_use_serverinfo
SSL_CTX_use_serverinfo_file
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_certs_clear
SSL_check_chain
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_extension_supported
SSL_free
SSL_get0_alpn_selected
SSL_get0_next_proto_negotiated
SSL_get0_param
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shared_sigalgs
SSL_get_shutdown
SSL_get_sigalgs
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_is_server
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_alpn_protos
SSL_set_bio
SSL_set_cert_cb
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl3_ciphers

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swvv32.sys
.sys windows:6 windows x86 arch:x86

54fcb3c39e24c730652eff3f5fee13e3

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9a:94:67:8f:b8:d5:f4:3b:d4:22:b4:6c:53:a3:2c:87:89:98:07:d8
Signer

Actual PE Digest

9a:94:67:8f:b8:d5:f4:3b:d4:22:b4:6c:53:a3:2c:87:89:98:07:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\windows\3rd\truecrypt\truecrypt7.1a\driver\obj_driver_release\i386\swvv.pdb

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoGetAttachedDeviceReference
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCallDriver
IoReleaseRemoveLockEx
PoCallDriver
IoAcquireRemoveLockEx
PoStartNextPowerIrp
IoIsSystemThread
memcpy
MmFreeContiguousMemory
IoFreeMdl
PsSetLoadImageNotifyRoutine
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmAllocateContiguousMemory
PsTerminateSystemThread
_alldiv
KeReleaseMutex
KeWaitForSingleObject
KeSetEvent
IoFreeWorkItem
IoQueueWorkItem
KeInitializeEvent
IoAllocateWorkItem
IoReleaseRemoveLockAndWaitEx
MmMapLockedPagesSpecifyCache
ExfInterlockedRemoveHeadList
KeSetPriorityThread
ZwReadFile
ExfInterlockedInsertTailList
ZwWriteFile
SeImpersonateClientEx
KeClearEvent
_allmul
IoGetDeviceInterfaces
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlInitUnicodeString
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
IoDetachDevice
KeReleaseSemaphore
KeSetTimerEx
KeInitializeTimerEx
wcsncat
SeTokenType
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfReferenceObject
ZwCreateFile
IoBuildSynchronousFsdRequest
IoGetRelatedDeviceObject
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IofCompleteRequest
KeQueryActiveProcessors
ZwQueryValueKey
ZwOpenKey
SeReleaseSubjectContext
RtlEqualSid
SeQueryInformationToken
SeTokenIsAdmin
SeCaptureSubjectContext
KeInitializeSemaphore
KeQueryInterruptTime
SeCreateClientSecurity
RtlCopySid
RtlLengthSid
IoEnumerateDeviceObjectList
PsGetVersion
ZwSetInformationFile
ZwQueryInformationFile
wcsncpy
wcsstr
_snwprintf
IoFileObjectType
KeTickCount
IoDeleteDevice
IoInitializeRemoveLockEx
memset
KeInitializeMutex
MmMapIoSpace
MmUnmapIoSpace
KeBugCheckEx
KeRestoreFloatingPointState
KeSaveFloatingPointState
_aullshr
_allshl
RtlUnwind
ObOpenObjectByPointer
KeGetCurrentThread

hal

ExAcquireFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
KfLowerIrql
ExReleaseFastMutex

Exports

Exports

_aes_decrypt@12
_aes_encrypt@12
_aes_hw_cpu_decrypt@8
_aes_hw_cpu_decrypt_32_blocks@8
_aes_hw_cpu_enable_sse@0
_aes_hw_cpu_encrypt@8
_aes_hw_cpu_encrypt_32_blocks@8
_is_aes_hw_cpu_supported@0

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 384B - Virtual size: 321B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swvv64.sys
.sys windows:6 windows x64 arch:x64

8c44960299283e3c01ad62236513a070

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:b3:0c:bf:f6:35:cd:eb:49:e6:3d:1d:65:2b:c3:f1:ca:f9:bb:7b:f7:f8:69:cc:0a:c9:75:67:e9:18:16:a7
Signer

Actual PE Digest

a4:b3:0c:bf:f6:35:cd:eb:49:e6:3d:1d:65:2b:c3:f1:ca:f9:bb:7b:f7:f8:69:cc:0a:c9:75:67:e9:18:16:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

g:\windows\3rd\truecrypt\truecrypt7.1a\driver\obj_driver_release\amd64\swvv.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
KeInitializeMutex
PsSetLoadImageNotifyRoutine
IoDeleteDevice
KeSetEvent
IoFreeWorkItem
KeInitializeEvent
IoReleaseRemoveLockEx
KeReleaseSpinLock
MmFreeContiguousMemory
IoDetachDevice
MmUnmapIoSpace
MmBuildMdlForNonPagedPool
IoFreeMdl
KeReleaseMutex
PsTerminateSystemThread
IoAllocateWorkItem
MmMapIoSpace
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
KeBugCheckEx
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
PoCallDriver
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
IoQueueWorkItem
IoIsSystemThread
IoAllocateMdl
MmAllocateContiguousMemory
IofCallDriver
KeAcquireSpinLockRaiseToDpc
MmMapLockedPagesSpecifyCache
KeClearEvent
ZwReadFile
KeSetPriorityThread
ExInterlockedInsertTailList
SeImpersonateClientEx
ExInterlockedRemoveHeadList
ZwWriteFile
SeTokenIsAdmin
KeQueryActiveProcessors
IoAcquireRemoveLockEx
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoBuildSynchronousFsdRequest
ZwQuerySymbolicLinkObject
IoGetRelatedDeviceObject
RtlInitUnicodeString
RtlEqualSid
RtlCopySid
MmGetSystemRoutineAddress
wcsncat
ZwOpenSymbolicLinkObject
KeSetTimerEx
SeReleaseSubjectContext
SeCreateClientSecurity
ZwCreateFile
PsCreateSystemThread
IoGetDeviceObjectPointer
ZwQueryValueKey
SeCaptureSubjectContext
ZwClose
IofCompleteRequest
SeQueryInformationToken
KeInitializeSemaphore
ObReferenceObjectByHandle
PsGetVersion
KeReleaseSemaphore
IoGetDeviceInterfaces
ObfReferenceObject
IoCreateSymbolicLink
IoEnumerateDeviceObjectList
KeInitializeTimerEx
RtlLengthSid
SeTokenType
ZwOpenKey
_snwprintf
wcsncpy
ZwSetInformationFile
IoFileObjectType
wcsstr
ZwQueryInformationFile
IoBuildDeviceIoControlRequest
ExAllocatePoolWithTag
ExReleaseFastMutex
ExAcquireFastMutex
__C_specific_handler

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swvv64_win7.sys
.sys windows:6 windows x64 arch:x64

8c44960299283e3c01ad62236513a070

Code Sign

01
Certificate

Issuer

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

Not Before

01/01/1995, 08:00

Not After

31/12/1999, 23:59

Subject

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Shandong Gooxion Software Co.\,Ltd.,OU=development,O=Shandong Gooxion Software Co.\,Ltd.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

07:ba:8b:49:cd:75:02:7e:da:1d:27:e2:ba:f6:e4:c8:10:55:05:19
Signer

Actual PE Digest

07:ba:8b:49:cd:75:02:7e:da:1d:27:e2:ba:f6:e4:c8:10:55:05:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

g:\windows\3rd\truecrypt\truecrypt7.1a\driver\obj_driver_release\amd64\swvv.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
KeInitializeMutex
PsSetLoadImageNotifyRoutine
IoDeleteDevice
KeSetEvent
IoFreeWorkItem
KeInitializeEvent
IoReleaseRemoveLockEx
KeReleaseSpinLock
MmFreeContiguousMemory
IoDetachDevice
MmUnmapIoSpace
MmBuildMdlForNonPagedPool
IoFreeMdl
KeReleaseMutex
PsTerminateSystemThread
IoAllocateWorkItem
MmMapIoSpace
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
KeBugCheckEx
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
PoCallDriver
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
IoQueueWorkItem
IoIsSystemThread
IoAllocateMdl
MmAllocateContiguousMemory
IofCallDriver
KeAcquireSpinLockRaiseToDpc
MmMapLockedPagesSpecifyCache
KeClearEvent
ZwReadFile
KeSetPriorityThread
ExInterlockedInsertTailList
SeImpersonateClientEx
ExInterlockedRemoveHeadList
ZwWriteFile
SeTokenIsAdmin
KeQueryActiveProcessors
IoAcquireRemoveLockEx
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoBuildSynchronousFsdRequest
ZwQuerySymbolicLinkObject
IoGetRelatedDeviceObject
RtlInitUnicodeString
RtlEqualSid
RtlCopySid
MmGetSystemRoutineAddress
wcsncat
ZwOpenSymbolicLinkObject
KeSetTimerEx
SeReleaseSubjectContext
SeCreateClientSecurity
ZwCreateFile
PsCreateSystemThread
IoGetDeviceObjectPointer
ZwQueryValueKey
SeCaptureSubjectContext
ZwClose
IofCompleteRequest
SeQueryInformationToken
KeInitializeSemaphore
ObReferenceObjectByHandle
PsGetVersion
KeReleaseSemaphore
IoGetDeviceInterfaces
ObfReferenceObject
IoCreateSymbolicLink
IoEnumerateDeviceObjectList
KeInitializeTimerEx
RtlLengthSid
SeTokenType
ZwOpenKey
_snwprintf
wcsncpy
ZwSetInformationFile
IoFileObjectType
wcsstr
ZwQueryInformationFile
IoBuildDeviceIoControlRequest
ExAllocatePoolWithTag
ExReleaseFastMutex
ExAcquireFastMutex
__C_specific_handler

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unrar32.dll
.dll windows:5 windows x86 arch:x86

0efe2018091554d20cdb506842e83cb3

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2020, 13:42

Not After

26/08/2023, 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2020, 13:42

Not After

26/08/2023, 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:52:f8:2e:c3:aa:a6:48:a6:cc:c5:33:27:1a:45:8d:c3:d1:f6:e9:65:1c:7c:c2:46:46:6c:77:26:f9:40:54
Signer

Actual PE Digest

5f:52:f8:2e:c3:aa:a6:48:a6:cc:c5:33:27:1a:45:8d:c3:d1:f6:e9:65:1c:7c:c2:46:46:6c:77:26:f9:40:54

Digest Algorithm

sha256

PE Digest Matches

true

c0:b4:07:80:07:20:a1:44:fa:08:e1:8c:01:cb:75:05:bf:3e:a5:f6
Signer

Actual PE Digest

c0:b4:07:80:07:20:a1:44:fa:08:e1:8c:01:cb:75:05:bf:3e:a5:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\WinRAR\rar\build\unrardll32\Release\UnRAR.pdb

Imports

kernel32

RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
FreeLibrary
GetProcAddress
SetThreadPriority
SetThreadExecutionState
CreateEventW
CreateDirectoryW
GetModuleHandleW
GetSystemDirectoryW
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
DecodePointer
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleCP
GetProcessHeap
CloseHandle
GetCommandLineW
SetFileTime
DeviceIoControl
GetCurrentProcess
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetConsoleMode
GetStdHandle
GetFileType
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetStringTypeW
LCMapStringW

user32

CharUpperW
CharToOemA
OemToCharBuffA
OemToCharA
CharLowerW
CharToOemBuffW

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unrar64.dll
.dll windows:5 windows x64 arch:x64

e009daf6a5d3c1ff8f576c519f51745c

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2020, 13:42

Not After

26/08/2023, 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2020, 13:42

Not After

26/08/2023, 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:fd:91:bc:e8:53:6c:c8:5c:78:c8:0a:38:44:77:b2:bd:41:2f:aa:a0:92:fe:a6:6b:51:7c:c4:e7:ab:5d:d1
Signer

Actual PE Digest

7f:fd:91:bc:e8:53:6c:c8:5c:78:c8:0a:38:44:77:b2:bd:41:2f:aa:a0:92:fe:a6:6b:51:7c:c4:e7:ab:5d:d1

Digest Algorithm

sha256

PE Digest Matches

true

3b:14:34:f6:d8:b2:b7:f0:c9:ac:a1:20:2c:a0:e5:b5:67:60:7f:b3
Signer

Actual PE Digest

3b:14:34:f6:d8:b2:b7:f0:c9:ac:a1:20:2c:a0:e5:b5:67:60:7f:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\WinRAR\rar\build\unrardll64\Release\UnRAR64.pdb

Imports

kernel32

RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
FreeLibrary
GetProcAddress
SetThreadPriority
SetThreadExecutionState
CreateEventW
CreateDirectoryW
GetModuleHandleW
GetSystemDirectoryW
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleCP
GetProcessHeap
CloseHandle
SetFileTime
DeviceIoControl
GetCurrentProcess
GetCommandLineW
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetConsoleMode
GetStdHandle
GetFileType
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
LCMapStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetStringTypeW

user32

OemToCharBuffA
CharLowerW
CharUpperW
CharToOemA
CharToOemBuffW
OemToCharA

advapi32

AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
SetFileSecurityW
OpenProcessToken

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
usbmgr32.dll
.dll windows:5 windows x86 arch:x86

80a9ec9307e4e5219f15acbdca5f23b9

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c6:1d:00:bb:00:eb:de:8c:fd:21:75:78:aa:ba:03:07:c8:2a:42:63:e2:2e:88:4c:ef:30:fc:19:d8:e5:54:d1
Signer

Actual PE Digest

c6:1d:00:bb:00:eb:de:8c:fd:21:75:78:aa:ba:03:07:c8:2a:42:63:e2:2e:88:4c:ef:30:fc:19:d8:e5:54:d1

Digest Algorithm

sha256

PE Digest Matches

true

52:67:ec:7c:51:30:36:06:82:c6:da:5f:20:ec:49:d8:85:63:c4:d0
Signer

Actual PE Digest

52:67:ec:7c:51:30:36:06:82:c6:da:5f:20:ec:49:d8:85:63:c4:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\usbmgr\Release\usbmgr32.pdb

Imports

kernel32

GetCurrentProcessId
FindFirstVolumeW
GetDiskFreeSpaceExW
DeviceIoControl
SetVolumeLabelW
lstrcmpW
CreateFileW
GetModuleFileNameW
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
GetFileAttributesA
DeleteVolumeMountPointW
GetLogicalDrives
FindVolumeClose
lstrcmpiW
lstrcmpiA
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
GetVolumeInformationW
GetLocalTime
SetLastError
GetLastError
GetTempPathW
GetExitCodeProcess
OutputDebugStringW
WaitForSingleObject
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetLocaleInfoA
GetLocaleInfoW
VirtualAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
HeapSize
GetModuleFileNameA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
DisableThreadLibraryCalls
Sleep
lstrcmpA
lstrlenW
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
lstrcpyW
CreateThread
lstrcpyA
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
SetEvent
GetModuleHandleW
GetTickCount
WriteFile
GetDriveTypeA
OpenProcess
WideCharToMultiByte
LoadLibraryW
CopyFileW
GetVersionExW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
GetACP
MultiByteToWideChar
GetFileSizeEx
GetCurrentDirectoryW
FindClose
LoadLibraryA
Process32FirstW
ProcessIdToSessionId
QueryDosDeviceW
Module32FirstW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
DeleteFileW
LocalFree
SetFileAttributesW
GetSystemDirectoryW
MoveFileW
GetWindowsDirectoryW
SetFilePointer
CopyFileA
SetFileAttributesA
QueryDosDeviceA
GetVolumeInformationA
GetVolumePathNameA
GetDiskFreeSpaceA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
TlsGetValue
TlsAlloc

user32

RegisterWindowMessageW
wsprintfA
wsprintfW
SendMessageTimeoutW
SetPropW
TranslateMessage
IsDialogMessageW
LoadIconW
ShowWindow
CreateDialogParamW
IsWindow
UpdateWindow
GetPropW
DispatchMessageW
DestroyWindow
SetTimer
RemovePropW
GetMessageW
PostQuitMessage

shell32

ord165
SHCreateDirectoryExW
SHChangeNotify
Shell_NotifyIconW

setupapi

CM_Get_Device_IDW
SetupDiGetDeviceInstallParamsW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiCallClassInstaller
SetupDiGetClassDevsExW

shlwapi

StrCmpIW
PathFileExistsA
StrCmpNIA
StrChrA
SHSetValueW
SHGetValueW
StrStrA
StrChrW
PathAddBackslashW
PathRemoveFileSpecW
StrNCatW
PathFindExtensionW
PathIsDirectoryW
wvnsprintfA
wnsprintfW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrW
StrStrIW
SHDeleteValueA
wvnsprintfW
PathFindFileNameW
wnsprintfA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

OpenSCManagerW
AdjustTokenPrivileges
RegCloseKey
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExW

ole32

CoCreateGuid

Exports

Exports

MountAsUser

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
usbmgr64.dll
.dll windows:5 windows x64 arch:x64

dc6c455d2fcc1c460ffea016736c1525

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:7c:66:13:b9:d8:6f:ed:dc:12:bf:bb:aa:c7:df:ed:01:1e:59:cc:cd:55:43:35:dc:08:79:ff:b9:ca:77:09
Signer

Actual PE Digest

72:7c:66:13:b9:d8:6f:ed:dc:12:bf:bb:aa:c7:df:ed:01:1e:59:cc:cd:55:43:35:dc:08:79:ff:b9:ca:77:09

Digest Algorithm

sha256

PE Digest Matches

true

bd:f8:51:8b:0d:f5:3a:69:66:30:1e:72:51:86:5f:ae:b5:31:3f:30
Signer

Actual PE Digest

bd:f8:51:8b:0d:f5:3a:69:66:30:1e:72:51:86:5f:ae:b5:31:3f:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\usbmgr\Release\usbmgr64.pdb

Imports

kernel32

GetCurrentProcessId
FindFirstVolumeW
GetDiskFreeSpaceExW
DeviceIoControl
SetVolumeLabelW
lstrcmpW
CreateFileW
GetModuleFileNameW
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
GetFileAttributesA
DeleteVolumeMountPointW
GetLogicalDrives
FindVolumeClose
lstrcmpiW
lstrcmpiA
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
GetVolumeInformationW
GetLocalTime
SetLastError
GetLastError
GetTempPathW
GetExitCodeProcess
OutputDebugStringW
WaitForSingleObject
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapDestroy
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
HeapSize
GetModuleFileNameA
GetStdHandle
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
DisableThreadLibraryCalls
Sleep
lstrcmpA
lstrlenW
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
lstrcpyW
CreateThread
lstrcpyA
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
SetEvent
GetModuleHandleW
GetTickCount
WriteFile
GetDriveTypeA
OpenProcess
WideCharToMultiByte
CopyFileW
GetVersionExW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
GetACP
MultiByteToWideChar
GetFileSizeEx
GetCurrentDirectoryW
FindClose
LoadLibraryA
Process32FirstW
ProcessIdToSessionId
QueryDosDeviceW
Module32FirstW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
DeleteFileW
LocalFree
SetFileAttributesW
GetSystemDirectoryW
MoveFileW
GetWindowsDirectoryW
SetFilePointer
CopyFileA
SetFileAttributesA
QueryDosDeviceA
GetVolumeInformationA
GetVolumePathNameA
GetDiskFreeSpaceA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc

user32

SendMessageTimeoutW
wsprintfA
wsprintfW
PostQuitMessage
RegisterWindowMessageW
SetPropW
TranslateMessage
IsDialogMessageW
LoadIconW
ShowWindow
CreateDialogParamW
IsWindow
UpdateWindow
GetPropW
DispatchMessageW
DestroyWindow
SetTimer
RemovePropW
GetMessageW

shell32

ord165
SHCreateDirectoryExW
SHChangeNotify
Shell_NotifyIconW

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiCallClassInstaller
SetupDiGetClassDevsExW
CM_Get_Device_IDW

shlwapi

StrCmpIW
PathFileExistsA
StrCmpNIA
StrChrA
SHSetValueW
SHGetValueW
StrStrA
StrChrW
PathAddBackslashW
PathRemoveFileSpecW
StrNCatW
PathFindExtensionW
PathIsDirectoryW
wvnsprintfA
wnsprintfW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrW
StrStrIW
SHDeleteValueA
wvnsprintfW
PathFindFileNameW
wnsprintfA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

OpenSCManagerW
AdjustTokenPrivileges
RegCloseKey
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExW

ole32

CoCreateGuid

Exports

Exports

MountAsUser

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wfchost.exe
.exe windows:5 windows x86 arch:x86

b20d61677e6462e387fd3330701d7050

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:a6:f0:e0:25:04:f3:8f:00:3c:35:e6:e0:2d:b8:fc:04:52:63:63:73:a1:79:0f:d3:0b:3e:87:93:c3:e2:8e
Signer

Actual PE Digest

00:a6:f0:e0:25:04:f3:8f:00:3c:35:e6:e0:2d:b8:fc:04:52:63:63:73:a1:79:0f:d3:0b:3e:87:93:c3:e2:8e

Digest Algorithm

sha256

PE Digest Matches

true

39:62:81:9a:bf:64:ab:fe:95:a5:f8:14:34:c5:47:e7:f9:33:d3:51
Signer

Actual PE Digest

39:62:81:9a:bf:64:ab:fe:95:a5:f8:14:34:c5:47:e7:f9:33:d3:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\wfchost\Release\wfchost.pdb

Imports

kernel32

LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
OutputDebugStringW
lstrcmpiA
CreateEventW
GetProcAddress
LoadLibraryW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLocalTime
SetLastError
GetTempPathW
lstrcmpW
GetFileAttributesW
GetLastError
lstrlenW
GetVolumeInformationW
lstrcpyW
GetDiskFreeSpaceExW
lstrcmpiW
GetExitCodeProcess
CopyFileW
GetDriveTypeA
GetLogicalDrives
WaitForSingleObject
MoveFileExW
GetCurrentProcessId
GetModuleFileNameW
CreateEventA
lstrcmpA
CreateThread
DeleteFileW
DosDateTimeToFileTime
MulDiv
FreeResource
GetSystemDirectoryW
SetFileAttributesA
CopyFileA
GetFileAttributesA
MoveFileW
ResetEvent
GetWindowsDirectoryW
lstrcpyA
SetFileAttributesW
CloseHandle
CreateFileW
ReadFile
lstrcpynW
Sleep
SetEndOfFile
lstrlenA
SetFilePointer
GetFileSize
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetStartupInfoW
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTempFileNameW
CreateFileA
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
lstrcpynA
FindResourceW
LoadResource
CreateProcessW
SystemTimeToFileTime
GlobalSize
GlobalLock
SetEvent
GetProcessHeap
IsBadReadPtr
OpenProcess
GlobalAlloc
SizeofResource
FormatMessageW
GetVersionExW
FileTimeToSystemTime
GlobalUnlock
GetFileSizeEx
GetCurrentDirectoryW
FindClose
Process32FirstW
OpenThread
ProcessIdToSessionId
CreateFileMappingW
LockResource
RemoveDirectoryW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
GetModuleHandleA
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
FileTimeToLocalFileTime
LocalFree
WriteConsoleW

user32

GetClassInfoExW
LoadImageW
UnionRect
OffsetRect
wvsprintfW
SetCursor
IsRectEmpty
MapWindowPoints
ReleaseCapture
GetActiveWindow
GetCursorPos
ReleaseDC
InvalidateRect
IntersectRect
GetDC
GetUpdateRect
PtInRect
BeginPaint
TrackMouseEvent
GetFocus
GetKeyState
SetCapture
EndPaint
GetCaretBlinkTime
SetCaretPos
CreateCaret
GetCaretPos
GetSysColor
ShowCaret
HideCaret
ClientToScreen
GetWindowTextLengthW
SetRect
CharPrevW
DrawTextW
FillRect
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
MessageBoxW
IsWindow
GetClientRect
FindWindowW
SetForegroundWindow
MonitorFromWindow
RegisterClassW
GetMonitorInfoW
CharNextW
PostThreadMessageW
wsprintfW
FindWindowA
DialogBoxIndirectParamW
SetFocus
SendDlgItemMessageW
GetDlgItemTextW
SetDlgItemTextW
GetWindow
GetDlgItem
PostMessageW
KillTimer
GetForegroundWindow
IsIconic
SetPropW
GetClassNameW
EndDialog
GetDesktopWindow
EnumChildWindows
IsWindowVisible
PostQuitMessage
ScreenToClient
SetTimer
ShowWindow
CallWindowProcW
MoveWindow
SetWindowPos
wsprintfA
GetWindowRect
BringWindowToTop
GetSystemMetrics
GetParent
GetWindowTextW
EnableWindow
DestroyWindow
GetMessageW
LoadCursorW
TranslateMessage
IsDialogMessageW
RegisterClassExW
CreateDialogIndirectParamW
GetWindowLongW
SetClassLongW
SetWindowLongW
PostMessageA
CreateWindowExW
UpdateWindow
GetPropW
DefWindowProcW
DispatchMessageW
SetWindowTextW
LoadIconW
SendMessageW

shell32

SHBrowseForFolderW
ord165
DragQueryFileW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHOpenFolderAndSelectItems
SHGetDesktopFolder
ShellExecuteW
ShellExecuteExW
ShellExecuteA
SHAppBarMessage

ole32

CoUninitialize
CLSIDFromProgID
OleLockRunning
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoInitialize
CLSIDFromString

netapi32

NetShareAdd

shlwapi

PathRemoveExtensionW
SHDeleteValueA
PathIsDirectoryW
SHDeleteValueW
PathFileExistsW
StrStrW
PathFindFileNameW
PathAddBackslashW
StrStrIW
PathAppendW
PathFindExtensionW
SHGetValueA
PathStripPathW
PathRemoveBackslashW
wnsprintfW
wvnsprintfW
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
SHDeleteKeyW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
StrCmpNIA
wvnsprintfA
PathFileExistsA
SHCreateStreamOnFileW
StrCatBuffW

ws2_32

socket
WSAStartup
sendto

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

comctl32

ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

gdi32

GdiFlush
SetBkColor
StretchBlt
LineTo
GetTextExtentPoint32W
RoundRect
ExtSelectClipRgn
TextOutW
SetTextColor
SetBkMode
CreatePatternBrush
CreateSolidBrush
GetObjectA
GetDeviceCaps
SetWindowOrgEx
SelectClipRgn
GetTextMetricsW
CreateFontIndirectW
CreateCompatibleBitmap
Rectangle
SaveDC
GetObjectW
CreatePen
GetStockObject
RestoreDC
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
GetClipBox
CombineRgn
CreateRectRgnIndirect
ExtTextOutW
GetCharABCWidthsW
SetStretchBltMode
BitBlt
CreateRoundRectRgn
CreatePenIndirect
MoveToEx

comdlg32

GetOpenFileNameW

advapi32

OpenServiceW
OpenProcessToken
DeleteService
OpenSCManagerW
CreateServiceW
GetTokenInformation
RegCreateKeyExW
EqualSid
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegOpenKeyExW
RegCloseKey
RegSetValueExW
GetUserNameW
ImpersonateLoggedOnUser
RevertToSelf
CloseServiceHandle

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

gdiplus

GdipSetInterpolationMode
GdiplusShutdown
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipImageGetFrameCount
GdipDrawImage
GdipSetSmoothingMode
GdipGetFamily
GdipDeleteFontFamily
GdipAlloc
GdipDisposeImage
GdipDrawString
GdipCreateFromHDC
GdipSetCompositingQuality
GdipCreateLineBrushI
GdipGraphicsClear
GdipCloneImage
GdipCreateStringFormat
GdipSetPixelOffsetMode
GdipDeleteStringFormat
GdipCreateFontFromDC
GdiplusStartup
GdipLoadImageFromStream
GdipGetImageHeight
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdipGetImageWidth

Sections

.text
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winpcap_inst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/09/2012, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:72:38:f0:32:8c:16:3b:2e:d9:97:ba:f7:42:66:0c:3b:6b:63:df
Signer

Actual PE Digest

be:72:38:f0:32:8c:16:3b:2e:d9:97:ba:f7:42:66:0c:3b:6b:63:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
workflow32.dll
.dll windows:5 windows x86 arch:x86

4b4c8df222b382d231f81cbb34f4d27d

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:0e:72:6d:95:fc:4d:19:f8:a8:22:aa:d0:4e:99:53:10:a9:e2:6e:8a:e8:4e:0e:2f:e2:2e:a5:1b:be:67:5d
Signer

Actual PE Digest

3a:0e:72:6d:95:fc:4d:19:f8:a8:22:aa:d0:4e:99:53:10:a9:e2:6e:8a:e8:4e:0e:2f:e2:2e:a5:1b:be:67:5d

Digest Algorithm

sha256

PE Digest Matches

true

56:43:cd:21:c0:31:9f:6f:30:d2:aa:25:49:93:7b:22:ff:b1:55:5a
Signer

Actual PE Digest

56:43:cd:21:c0:31:9f:6f:30:d2:aa:25:49:93:7b:22:ff:b1:55:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\workflow\Release\workflow32.pdb

Imports

kernel32

CreateEventW
SetLastError
GetLastError
GetTempPathW
Sleep
CloseHandle
ResetEvent
CreateEventA
SetEvent
WaitForSingleObject
GetLocalTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
DisableThreadLibraryCalls
OutputDebugStringW
lstrcmpA
CreateFileA
lstrlenA
VirtualQuery
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
GetProcessHeap
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
lstrcpynW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
MultiByteToWideChar
lstrlenW
GetProcAddress
EnterCriticalSection
LoadLibraryA
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
DeleteFileW
GetCurrentProcessId
LocalFree
lstrcpyW
lstrcpyA
GetCurrentThreadId
CreateThread
GetWindowsDirectoryW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetLocaleInfoA
InterlockedExchange
InitializeCriticalSectionAndSpinCount

shlwapi

SHDeleteValueW
wnsprintfW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathIsDirectoryW
wvnsprintfW
PathFindFileNameW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
FreeSid
RegEnumValueW
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW

shell32

ord165

ole32

CoCreateGuid

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
workflow64.dll
.dll windows:5 windows x64 arch:x64

5b569dd5900cb6a4c7e8a308c1161b83

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:07:64:9b:08:b0:a7:fe:7d:d6:54:a8:f2:f4:29:f6
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:64:5b:14:30:09:e6:10:22:3c:df:48
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/07/2023, 09:48

Not After

14/07/2026, 09:48

Subject

SERIALNUMBER=91370100MA3QA8QF0C,CN=Shandong Gooxion Software Co.\,Ltd.,O=Shandong Gooxion Software Co.\,Ltd.,STREET=舜华路1768号齐鲁软件大厦C604室,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a696e616e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:43:14:f8:aa:0e:45:70:19:05:ee:9d:65:b6:7b:c5:23:b9:e9:4e:82:ac:3f:90:c2:a2:00:bc:a7:87:ec:20
Signer

Actual PE Digest

da:43:14:f8:aa:0e:45:70:19:05:ee:9d:65:b6:7b:c5:23:b9:e9:4e:82:ac:3f:90:c2:a2:00:bc:a7:87:ec:20

Digest Algorithm

sha256

PE Digest Matches

true

cf:86:14:1c:a3:99:11:e5:58:24:3a:ec:f7:e7:88:4d:96:d6:30:d9
Signer

Actual PE Digest

cf:86:14:1c:a3:99:11:e5:58:24:3a:ec:f7:e7:88:4d:96:d6:30:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\workflow\Release\workflow64.pdb

Imports

kernel32

CreateEventW
SetLastError
GetLastError
GetTempPathW
Sleep
CloseHandle
ResetEvent
CreateEventA
SetEvent
WaitForSingleObject
GetLocalTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
DisableThreadLibraryCalls
OutputDebugStringW
lstrcmpA
CreateFileA
lstrlenA
VirtualQuery
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
GetProcessHeap
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
lstrcpynW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
MultiByteToWideChar
lstrlenW
GetProcAddress
EnterCriticalSection
LoadLibraryA
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
lstrcmpiW
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
DeleteFileW
GetCurrentProcessId
LocalFree
lstrcpyW
lstrcpyA
GetCurrentThreadId
CreateThread
GetWindowsDirectoryW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount

shlwapi

SHDeleteValueW
wnsprintfW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
PathIsDirectoryW
wvnsprintfW
PathFindFileNameW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
FreeSid
RegEnumValueW
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW

shell32

ord165

ole32

CoCreateGuid

Sections

.text
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:5b:05:21:b0:1f:8f:a1:fd:1e:2a:e0:34:06:d6:efCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

7a:f4:2d:de:0a:23:51:1f:1d:fa:d2:ae:7b:6d:e3:85:f5:ba:d0:35:11:7f:1e:f6:7a:b5:2c:83:c7:fe:ed:02Signer

43:1a:4d:2d:8a:5b:6d:f8:b8:58:ee:ea:0e:6e:2f:8b:d6:c2:54:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 68KB

.rsrc Size: 94KB - Virtual size: 93KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 628B

16cdca0a54bf8076dc7e57fab55dbc5b

Code Sign

0f:2d:cc:39:18:5a:9c:0b:9a:4e:98:4b:ba:9b:8e:e3
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:5b:05:21:b0:1f:8f:a1:fd:1e:2a:e0:34:06:d6:ef
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

7a:f4:2d:de:0a:23:51:1f:1d:fa:d2:ae:7b:6d:e3:85:f5:ba:d0:35:11:7f:1e:f6:7a:b5:2c:83:c7:fe:ed:02
Signer

43:1a:4d:2d:8a:5b:6d:f8:b8:58:ee:ea:0e:6e:2f:8b:d6:c2:54:44
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 94KB - Virtual size: 93KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 628B

61:20:4d:b4:00:00:00:00:00:27
Certificate

09:25:63:14:06:9e:7e:6a:88:cb:82:30:75:c0:d9:c9
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

80:33:52:e4:67:8a:3f:cd:44:36:99:0d:5f:46:e6:18:26:d1:1b:68:37:71:35:be:c6:85:e9:f2:6a:58:12:39
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 113KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 17KB - Virtual size: 17KB

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

79:76:e2:23:e1:ed:ec:62:c9:50:78:71:8d:ac:be:b6:44:0c:6f:27:cb:1c:b7:74:f8:f8:fd:7f:d6:c9:8e:e9
Signer

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

ee:6d:f2:fc:b5:4a:8b:58:0c:72:af:81:b4:64:47:1a
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate