Antivirus_Removal_Tool_2024_08[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Antivirus_Removal_Tool_2024_08.zip
Size

201.0MB
MD5

5cf7f7b7ca442d4bd779f22c53e79d8a
SHA1

a78ac6b361fad4fd8d676b6041dc2e44a6223ed8
SHA256

677b414736df14d831711f1600b401c4be8f1e1379f112380e8540acc03b16e0
SHA512

2edf58495e58611b784a2e39deda727efff9c452cf8ce707e09e8b8b1833b061a763a0045798f237db62b5a0a6cbaa513db497bf9db037d2a1ee138bba43b89b
SSDEEP

6291456:wA8OxUHMY1KAgC0P8Es6n8T7J5c2XWtKvjisBz8:wfgCXncwWtKLiq8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Tools/eScan/esremove.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Antivirus_Removal_Tool.exe
unpack001/Tools/DrWeb/drw_remover.exe
unpack001/Tools/GData/AVCleaner.exe
unpack002/$1/MSC/McMSCIns.dll
unpack002/$1/VS/SdOASMon.dll
unpack002/$1/VS/VSCore/latest/32/mfehidin.exe
unpack002/$1/VS/VSCore/latest/64/mfehidin.exe
unpack002/$1/WPS/drivers/22.6/x64/mc-sec-installer.exe
unpack002/$1/WPS/drivers/22.6/x64/mc-sec-kernel.dll
unpack002/$1/WPS/drivers/22.6/x64/mc-sec-unprotector.exe
unpack002/$1/WPS/drivers/22.6/x64/mfesec.sys
unpack002/$1/mccleanup.exe
unpack004/out.upx

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Tools/Mcafee/MCPR.exe	nsis_installer_1
static1/unpack001/Tools/Mcafee/MCPR.exe	nsis_installer_2

Files

Antivirus_Removal_Tool_2024_08.zip
.zip
Antivirus_Removal_Tool.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 891KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings/settings.xml
Tools/AVG/avgclear.exe
.exe windows:6 windows x86 arch:x86

6422a67cf7280810e405c78e2e395213

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:b1:7a:d4:6a:56:e9:16:d6:fa:b0:bb:cb:33:ff:21:b9:64:7a:fe:74:05:0c:4d:cb:30:88:dc:34:bf:7d:54
Signer

Actual PE Digest

38:b1:7a:d4:6a:56:e9:16:d6:fa:b0:bb:cb:33:ff:21:b9:64:7a:fe:74:05:0c:4d:cb:30:88:dc:34:bf:7d:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\SfxInst.pdb

Imports

dwmapi

DwmSetWindowAttribute

ntdll

RtlNtStatusToDosError
NtClose
VerSetConditionMask
NtOpenKey
NtQueryKey
NtDeleteKey
RtlCaptureContext
RtlUnwind

kernel32

GetSystemInfo
WriteConsoleW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
ExitProcess
GetStdHandle
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
OutputDebugStringW
GetProcAddress
GetModuleHandleW
CloseHandle
SetLastError
GetLastError
CreateFileW
DeviceIoControl
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindFirstFileW
RemoveDirectoryW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetFilePointerEx
GetFileSizeEx
UnmapViewOfFile
ReadFile
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
IsWow64Process
GetCurrentProcess
HeapAlloc
GetProcessHeap
GetSystemDirectoryW
lstrcatW
GetModuleHandleA
LocalFree
CreateProcessW
CreateEventW
ResumeThread
GetExitCodeProcess
GetCurrentThread
FindResourceW
SizeofResource
LockResource
LoadResource
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
SetEvent
CreateThread
TerminateThread
GetLocaleInfoW
FreeLibrary
GetCurrentThreadId
FileTimeToSystemTime
GetUserDefaultLangID
LoadLibraryA
ProcessIdToSessionId
OpenProcess
GetCommandLineW
GetFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetPrivateProfileStringW
IsProcessorFeaturePresent
HeapFree
GetModuleHandleExW
InitializeCriticalSectionEx
LCIDToLocaleName
HeapSize
FormatMessageW
GetUserDefaultLCID
HeapReAlloc
DecodePointer
HeapDestroy
WaitForMultipleObjects
WriteFile
ResetEvent
CompareFileTime
LoadLibraryExW
GetFileAttributesExW
TerminateProcess
VerifyVersionInfoW
GetModuleFileNameW
CompareStringW
InitializeCriticalSectionAndSpinCount
RaiseException
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetProcessImageFileNameW
GetPriorityClass
GetProcessTimes
K32GetProcessMemoryInfo
LoadLibraryW
FlushFileBuffers
DeleteFileW
GetFileInformationByHandle
GetFullPathNameW
OutputDebugStringA
TlsAlloc
TlsGetValue
TlsSetValue
CreateSemaphoreW
ReleaseSemaphore
GetVersionExW
ExpandEnvironmentStringsW
GetShortPathNameW
GetFileAttributesW
GetSystemWindowsDirectoryW
GetProcessAffinityMask
GetLongPathNameW
VirtualAlloc
VirtualFree
VirtualProtect
GlobalMemoryStatusEx
GetExitCodeThread
TlsFree
SetFilePointer
SetFileAttributesW
GetFileSize
SetEndOfFile
MoveFileExW
GetWindowsDirectoryW
LockFileEx
DuplicateHandle
SetFileTime
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetEnvironmentVariableW
GetVersion
FindResourceExW
SetEnvironmentVariableW
WriteProcessMemory
UnlockFileEx
CopyFileW
SetFileInformationByHandle
GetDiskFreeSpaceExW
VirtualQuery
GetSystemTimes
GetTickCount64
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryExA
WaitForSingleObjectEx
GetStringTypeW
ReleaseSRWLockExclusive

rpcrt4

RpcEpUnregister
UuidFromStringW

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 970KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Adaware/adaware_remover.exe
.exe windows:6 windows x86 arch:x86

8288bc24217ec6df0d64dee781471659

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:f4:43:d7:45:35:40:b1:28:17:f6:b7:f5:ac:57:b1
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

03/09/2020, 22:20

Not After

03/09/2022, 22:20

Subject

SERIALNUMBER=1165680514,CN=Adaware Software (Lavasoft Software Canada Inc.),O=Adaware Software (Lavasoft Software Canada Inc.),L=Montreal,ST=Quebec,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1306517565626563,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:f4:43:d7:45:35:40:b1:28:17:f6:b7:f5:ac:57:b1
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

03/09/2020, 22:20

Not After

03/09/2022, 22:20

Subject

SERIALNUMBER=1165680514,CN=Adaware Software (Lavasoft Software Canada Inc.),O=Adaware Software (Lavasoft Software Canada Inc.),L=Montreal,ST=Quebec,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1306517565626563,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:02:05:ee:d1:b7:1b:70:77:8e:0b:0e:a5:00:5b:0a:6b:c6:39:20:d9:30:ea:75:b0:18:32:1e:5f:ab:bd:23
Signer

Actual PE Digest

ab:02:05:ee:d1:b7:1b:70:77:8e:0b:0e:a5:00:5b:0a:6b:c6:39:20:d9:30:ea:75:b0:18:32:1e:5f:ab:bd:23

Digest Algorithm

sha256

PE Digest Matches

true

24:9c:46:99:81:c5:3b:14:4c:22:f2:da:12:74:9b:30:c9:57:20:b3
Signer

Actual PE Digest

24:9c:46:99:81:c5:3b:14:4c:22:f2:da:12:74:9b:30:c9:57:20:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TemporaryBuilds\installer_builder_1\57\s\_bin\Adaware\Win32\remover.pdb

Imports

msi

ord205
ord70
ord250
ord41

kernel32

GetCommandLineA
GetOEMCP
GetACP
FormatMessageW
SetEvent
CloseHandle
GetSystemInfo
LocalFree
WideCharToMultiByte
FormatMessageA
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
WaitForSingleObject
GetFileAttributesW
SetFileAttributesW
GetLastError
DeleteFileW
CreateProcessW
GetExitCodeProcess
HeapFree
GetCurrentProcess
GetCurrentThreadId
WaitForSingleObjectEx
HeapAlloc
GetProcessHeap
TerminateProcess
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
IsWow64Process
MoveFileExW
LoadLibraryExA
CreateMutexA
ReleaseMutex
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetTickCount
HeapReAlloc
DecodePointer
RaiseException
HeapSize
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
LoadLibraryExW
GetSystemTime
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
ResetEvent
ReleaseSemaphore
CreateEventW
WaitForMultipleObjects
CreateSemaphoreW
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetComputerNameW
VerifyVersionInfoW
CompareStringW
CompareStringA
GetNumberFormatW
GetCurrencyFormatW
GetSystemDefaultLCID
GetUserDefaultLCID
OutputDebugStringW
MulDiv
GetTempPathA
GetTempFileNameA
GetCommandLineW
GlobalSize
GlobalUnlock
GlobalLock
GetEnvironmentStringsW
AllocConsole
DebugBreak
SetErrorMode
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetModuleHandleA
LoadLibraryA
CreateFileW
GetFileSize
SetEndOfFile
SetFilePointer
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
ExitProcess
GlobalAlloc
GlobalFree
LocalAlloc
LocalSize
lstrlenW
GetCPInfo
FreeEnvironmentStringsW
SetHandleInformation
CancelIo
RegisterWaitForSingleObject
UnregisterWait
GetFileType
GetConsoleMode
FlushFileBuffers
ReadFile
WriteFile
DuplicateHandle
SetLastError
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeHandleStateW
GetCurrentProcessId
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
CreateFileA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
ReadConsoleW
WriteConsoleW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
WriteConsoleInputW
SetConsoleCtrlHandler
GetCurrentDirectoryW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LCMapStringW
CreateDirectoryW
GetFileInformationByHandle
SetFilePointerEx
SetFileTime
DeviceIoControl
CopyFileW
CreateHardLinkW
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
SetEnvironmentVariableW
GetLogicalDriveStringsW
GetVolumeInformationW
GetStdHandle
GetStartupInfoW
VirtualAlloc
VirtualFree
lstrcmpW
CreateThread
SetThreadPriority
GetThreadPriority
GetVersionExW
VirtualProtect
IsValidCodePage
FindFirstFileExW
GetFileSizeEx
GetModuleFileNameA
GetEnvironmentVariableW
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
GetFileAttributesExW
VirtualQuery
LoadResource
LockResource
SizeofResource
FindResourceW
GetStringTypeW
EncodePointer
GetSystemTimeAsFileTime
OpenEventA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
GetStringTypeExW
LCMapStringA
GetStringTypeExA
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle

shlwapi

PathFileExistsW

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 230KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 856KB - Virtual size: 856KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Avast/avastclear.exe
.exe windows:6 windows x86 arch:x86

6422a67cf7280810e405c78e2e395213

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:e0:2d:a9:9a:93:b5:7d:07:e8:3c:52:37:d1:6d:fc:58:b7:69:2d:74:51:04:d5:4d:d7:86:55:81:60:7c:62
Signer

Actual PE Digest

2a:e0:2d:a9:9a:93:b5:7d:07:e8:3c:52:37:d1:6d:fc:58:b7:69:2d:74:51:04:d5:4d:d7:86:55:81:60:7c:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\SfxInst.pdb

Imports

dwmapi

DwmSetWindowAttribute

ntdll

RtlNtStatusToDosError
NtClose
VerSetConditionMask
NtOpenKey
NtQueryKey
NtDeleteKey
RtlCaptureContext
RtlUnwind

kernel32

GetSystemInfo
WriteConsoleW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
ExitProcess
GetStdHandle
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
OutputDebugStringW
GetProcAddress
GetModuleHandleW
CloseHandle
SetLastError
GetLastError
CreateFileW
DeviceIoControl
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindFirstFileW
RemoveDirectoryW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetFilePointerEx
GetFileSizeEx
UnmapViewOfFile
ReadFile
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
IsWow64Process
GetCurrentProcess
HeapAlloc
GetProcessHeap
GetSystemDirectoryW
lstrcatW
GetModuleHandleA
LocalFree
CreateProcessW
CreateEventW
ResumeThread
GetExitCodeProcess
GetCurrentThread
FindResourceW
SizeofResource
LockResource
LoadResource
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
SetEvent
CreateThread
TerminateThread
GetLocaleInfoW
FreeLibrary
GetCurrentThreadId
FileTimeToSystemTime
GetUserDefaultLangID
LoadLibraryA
ProcessIdToSessionId
OpenProcess
GetCommandLineW
GetFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetPrivateProfileStringW
IsProcessorFeaturePresent
HeapFree
GetModuleHandleExW
InitializeCriticalSectionEx
LCIDToLocaleName
HeapSize
FormatMessageW
GetUserDefaultLCID
HeapReAlloc
DecodePointer
HeapDestroy
WaitForMultipleObjects
WriteFile
ResetEvent
CompareFileTime
LoadLibraryExW
GetFileAttributesExW
TerminateProcess
VerifyVersionInfoW
GetModuleFileNameW
CompareStringW
InitializeCriticalSectionAndSpinCount
RaiseException
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetProcessImageFileNameW
GetPriorityClass
GetProcessTimes
K32GetProcessMemoryInfo
LoadLibraryW
FlushFileBuffers
DeleteFileW
GetFileInformationByHandle
GetFullPathNameW
OutputDebugStringA
TlsAlloc
TlsGetValue
TlsSetValue
CreateSemaphoreW
ReleaseSemaphore
GetVersionExW
ExpandEnvironmentStringsW
GetShortPathNameW
GetFileAttributesW
GetSystemWindowsDirectoryW
GetProcessAffinityMask
GetLongPathNameW
VirtualAlloc
VirtualFree
VirtualProtect
GlobalMemoryStatusEx
GetExitCodeThread
TlsFree
SetFilePointer
SetFileAttributesW
GetFileSize
SetEndOfFile
MoveFileExW
GetWindowsDirectoryW
LockFileEx
DuplicateHandle
SetFileTime
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetEnvironmentVariableW
GetVersion
FindResourceExW
SetEnvironmentVariableW
WriteProcessMemory
UnlockFileEx
CopyFileW
SetFileInformationByHandle
GetDiskFreeSpaceExW
VirtualQuery
GetSystemTimes
GetTickCount64
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryExA
WaitForSingleObjectEx
GetStringTypeW
ReleaseSRWLockExclusive

rpcrt4

RpcEpUnregister
UuidFromStringW

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 970KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Avira/avira_registry_cleaner_en.exe
.exe windows:5 windows x86 arch:x86

31f25f3d8576ef301b18ab8d543017b9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:ba:94:23:dd:bc:e7:b1:45:a9:5f:01:ee:01:5f:17
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/10/2016, 00:00

Not After

19/01/2020, 23:59

Subject

CN=Avira Operations GmbH & Co. KG,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:00:0c:51:67:6e:02:81:99:37:b3:2f:e3:93:b0:0c:3c:48:39:34
Signer

Actual PE Digest

9f:00:0c:51:67:6e:02:81:99:37:b3:2f:e3:93:b0:0c:3c:48:39:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetSystemTimes
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
FileTimeToSystemTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

Shell_NotifyIconW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

wsock32

send

msvcrt

_gcvt

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 723KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/BigFix/BESRemove11.0.2.125.exe
.exe windows:6 windows x86 arch:x86

7c488f254c70fd69c2eb50fefbee1cde

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:d8:c9:fa:57:f5:56:0b:fe:a3:82:5e:29:8a:86:9b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

20/09/2025, 23:59

Subject

CN=HCL America Inc.,O=HCL America Inc.,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:fc:9f:53:fb:b6:67:e2:f8:08:10:b0:51:5a:b1:63:dc:35:e9:a1:e7:21:96:a6:fd:c8:fd:19:17:ff:b2:2a
Signer

Actual PE Digest

5d:fc:9f:53:fb:b6:67:e2:f8:08:10:b0:51:5a:b1:63:dc:35:e9:a1:e7:21:96:a6:fd:c8:fd:19:17:ff:b2:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\j\workspace\bes\w\Output\Release\BESRemove.pdb

Imports

gdiplus

GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdiplusShutdown
GdipDeleteGraphics

odbc32

ord24
ord72
ord31
ord36
ord111
ord13
ord141
ord139
ord9
ord75
ord4

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathStripPathW
StrFormatKBSizeW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
GetFileVersionInfoSizeW

shell32

ShellExecuteExW
SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW

uxtheme

DrawThemeText
GetThemeSysColor
GetThemePartSize
SetWindowTheme
IsAppThemed
GetWindowTheme
GetCurrentThemeName
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent

user32

SetRectEmpty
SendDlgItemMessageA
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
GetMenuStringW
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
ReleaseCapture
WindowFromPoint
DrawFocusRect
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
OffsetRect
RealChildWindowFromPoint
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
IsRectEmpty
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetDesktopWindow
GetMenuState
InsertMenuW
AppendMenuW
RemoveMenu
CopyImage
GetWindowThreadProcessId
GetUserObjectInformationW
GetProcessWindowStation
LockWindowUpdate
DeleteMenu
WindowFromDC
GetWindowRgn
InvalidateRect
DestroyIcon
CharUpperW
GetSysColorBrush
LoadCursorW
IntersectRect
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
LoadImageW
GetNextDlgGroupItem
SetMenuDefaultItem
SetCapture
DrawIconEx
DestroyCursor
GetLastActivePopup
FindWindowExW
UnregisterClassW
EnableWindow
SendMessageW
PostMessageW
IsIconic
GetDlgItem
SetTimer
KillTimer
GetSystemMetrics
GetSystemMenu
EnableMenuItem
DrawIcon
GetClientRect
LoadIconW
MessageBoxW
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
ToUnicodeEx
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
DefFrameProcW
MapVirtualKeyExW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
GetWindow
TranslateMessage
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetFocus
SetCursor
ShowOwnedPopups
PostQuitMessage
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
GetMessageW

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetSystemInfo
VirtualAlloc
VirtualQuery
SetStdHandle
GetStdHandle
ExitProcess
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
WriteConsoleW
ReleaseSRWLockShared
AcquireSRWLockShared
VirtualFree
GetSystemDirectoryA
SetConsoleMode
ReadConsoleA
GetDriveTypeW
PeekNamedPipe
GetSystemTimeAsFileTime
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetStringTypeW
LCMapStringEx
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DecodePointer
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
CloseHandle
GetQueuedCompletionStatus
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetSystemDirectoryW
GetProcAddress
LocalFree
SetEvent
CreateEventW
GetCurrentThreadId
SetThreadPriority
ResumeThread
OutputDebugStringA
SetLastError
GetCurrentThread
GetVersionExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpW
MultiByteToWideChar
WideCharToMultiByte
GlobalAddAtomW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalUnlock
MulDiv
EncodePointer
LoadLibraryA
GlobalFindAtomW
CompareStringW
GlobalFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
InitializeCriticalSectionAndSpinCount
GlobalSize
FormatMessageW
CopyFileW
GetCurrentProcessId
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
lstrcmpiW
GlobalGetAtomNameW
FileTimeToSystemTime
VirtualProtect
lstrcpyW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
TryEnterCriticalSection
GetFileType
CreateDirectoryW
FindFirstFileExW
GetFileInformationByHandle
CreateIoCompletionPort
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetACP
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTime
GetLocaleInfoA
GetNumberFormatW
GetTimeZoneInformation
ResetEvent
WaitForSingleObjectEx
GetLocaleInfoEx
CreateFileA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
GetUserNameW
RegDeleteKeyExW
RegQueryInfoKeyW
ControlService
DeleteService

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString

gdi32

GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
GetTextFaceW
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
CombineRgn
CreateDCW
CopyMetaFileW
GetTextExtentPoint32W
CreateFontIndirectW
PatBlt
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
GetViewportOrgEx
TextOutW
MoveToEx
GetObjectW
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetDeviceCaps
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
CreateBitmap
ExtTextOutW
CreatePolygonRgn

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

crypt32

CryptProtectData
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectData

ws2_32

getsockopt
ioctlsocket
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
ntohs
closesocket
send
connect
setsockopt
socket
shutdown
inet_ntoa
select
inet_addr
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
recv

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/BitDefender/Bitdefender_2021_Uninstall_Tool.exe
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:38:f0:86:d3:c3:ce:bb:f1:b4:5e:2a:95:50:83:8f
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/11/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:ff:ab:74:b1:21:89:75:f0:2f:f3:8e:6a:95:d6:4b
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:c2:85:a3:61:32:c3:d3:0f:3d:60:ea:29:2e:0d:d0:ea:02:0b:1d:15:7a:1d:f8:f2:01:31:89:15:54:db:eb
Signer

Actual PE Digest

0e:c2:85:a3:61:32:c3:d3:0f:3d:60:ea:29:2e:0d:d0:ea:02:0b:1d:15:7a:1d:f8:f2:01:31:89:15:54:db:eb

Digest Algorithm

sha256

PE Digest Matches

true

e8:96:9c:1f:0b:6c:a0:db:bd:13:95:de:4b:ff:c5:ca:63:cf:27:a2
Signer

Actual PE Digest

e8:96:9c:1f:0b:6c:a0:db:bd:13:95:de:4b:ff:c5:ca:63:cf:27:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/BitDefender/Bitdefender_2022_Uninstall_Tool.exe
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Code Sign

0d:38:f0:86:d3:c3:ce:bb:f1:b4:5e:2a:95:50:83:8f
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/11/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ff:ab:74:b1:21:89:75:f0:2f:f3:8e:6a:95:d6:4b
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:e1:d3:20:f6:a0:63:20:eb:6e:ea:28:86:56:df:5b:51:40:3a:b6:68:a7:6e:1c:47:17:d8:0d:65:99:bc:a9
Signer

Actual PE Digest

1d:e1:d3:20:f6:a0:63:20:eb:6e:ea:28:86:56:df:5b:51:40:3a:b6:68:a7:6e:1c:47:17:d8:0d:65:99:bc:a9

Digest Algorithm

sha256

PE Digest Matches

true

01:6e:3e:4b:2a:a6:e6:d7:e8:8e:54:cb:85:fc:ac:b7:d5:99:77:fb
Signer

Actual PE Digest

01:6e:3e:4b:2a:a6:e6:d7:e8:8e:54:cb:85:fc:ac:b7:d5:99:77:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/BitDefender/Bitdefender_2023_Uninstall_Tool.exe
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Code Sign

0d:38:f0:86:d3:c3:ce:bb:f1:b4:5e:2a:95:50:83:8f
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/11/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ff:ab:74:b1:21:89:75:f0:2f:f3:8e:6a:95:d6:4b
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b6:2f:96:a5:00:78:a8:6f:50:13:b7:ae:c7:8c:c6:db:07:ee:d9:90:59:3f:e0:c3:cb:cd:b7:cf:bc:74:9a:62
Signer

Actual PE Digest

b6:2f:96:a5:00:78:a8:6f:50:13:b7:ae:c7:8c:c6:db:07:ee:d9:90:59:3f:e0:c3:cb:cd:b7:cf:bc:74:9a:62

Digest Algorithm

sha256

PE Digest Matches

true

4b:7b:6e:ec:6b:46:33:b0:05:f3:64:74:5a:17:43:df:d0:11:41:c3
Signer

Actual PE Digest

4b:7b:6e:ec:6b:46:33:b0:05:f3:64:74:5a:17:43:df:d0:11:41:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Comodo/ciscleanuptool_x64.exe
.exe windows:6 windows x64 arch:x64

698e8a630b125d35cd01a368e71f7b3b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:6e:f8:42:8d:d4:b8:3e:e4:14:4b:00:00:00:00:6e:f8
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

09/03/2023, 11:23

Not After

12/03/2023, 11:23

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:6e:f8:42:8d:d4:b8:3e:e4:14:4b:00:00:00:00:6e:f8
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

09/03/2023, 11:23

Not After

12/03/2023, 11:23

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07/12/2021, 00:00

Not After

06/12/2024, 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:61:71:37:79:2b:d4:ab:69:af:a8:fc:09:ec:88:fd:bc:d9:6a:fb:d8:59:f4:a0:8e:ef:4a:f3:42:62:0d:ca
Signer

Actual PE Digest

45:61:71:37:79:2b:d4:ab:69:af:a8:fc:09:ec:88:fd:bc:d9:6a:fb:d8:59:f4:a0:8e:ef:4a:f3:42:62:0d:ca

Digest Algorithm

sha256

PE Digest Matches

true

45:61:71:37:79:2b:d4:ab:69:af:a8:fc:09:ec:88:fd:bc:d9:6a:fb:d8:59:f4:a0:8e:ef:4a:f3:42:62:0d:ca
Signer

Actual PE Digest

45:61:71:37:79:2b:d4:ab:69:af:a8:fc:09:ec:88:fd:bc:d9:6a:fb:d8:59:f4:a0:8e:ef:4a:f3:42:62:0d:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Jenkins\workspace\CisCleanupTool2_vs19\CisCleanupTool2\CleanTool2_out\CisCleanupTool_x64.pdb

Imports

kernel32

HeapSize
InitializeCriticalSectionEx
HeapFree
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetStdHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
SetLastError
FormatMessageW
LocalFree
GetCurrentProcess
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
GetTempFileNameW
GetModuleFileNameW
GetLongPathNameW
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
OutputDebugStringW
FindResourceW
LoadResource
SizeofResource
LockResource
CreateFileW
WriteFile
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
LoadLibraryW
GetCommandLineW
DeviceIoControl
GetSystemTime
GetLocalTime
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
K32GetModuleFileNameExW
DeleteFileW
RemoveDirectoryW
lstrcpyW
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetCurrentThreadId
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
FileTimeToDosDateTime
MoveFileW
MoveFileExW
CreateProcessW
SetFileAttributesW
GetFileInformationByHandle
GetStringTypeW
QueryPerformanceCounter
EncodePointer
LCMapStringEx
RtlUnwind
GetCPInfo
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetFileSizeEx
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

user32

SetCapture
SetCursor
LoadCursorW
PtInRect
ReleaseCapture
DefWindowProcW
CallWindowProcW
GetWindowTextW
SetWindowPos
OffsetRect
CopyRect
GetWindowRect
GetDesktopWindow
GetParent
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
MessageBoxW
CharNextW
wsprintfW
DrawTextW
ReleaseDC
GetDC
GetClientRect
GetWindowTextLengthW
LoadStringW
EnableMenuItem
GetSystemMenu
SendDlgItemMessageW
LoadImageW
ExitWindowsEx
PostMessageW
EndDialog
EnableWindow
GetSysColorBrush
GetDlgCtrlID
SendMessageW
SetFocus
SetWindowTextW
GetDlgItem
ShowWindow
GetWindowLongPtrW
SetWindowLongPtrW
DialogBoxParamW
DestroyIcon
CharUpperBuffW

gdi32

BitBlt
SetBkMode
SetTextColor
CreateFontIndirectW
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject

shlwapi

SHDeleteKeyW
PathAddBackslashW
PathStripToRootW
PathFileExistsW
SHQueryInfoKeyW
PathIsDirectoryEmptyW
PathFindExtensionW
PathFindFileNameW

msi

ord205

setupapi

SetupUninstallOEMInfW
SetupCloseInfFile
SetupGetInfFileListW
SetupGetStringFieldW
SetupFindFirstLineW
SetupOpenInfFileW

dbghelp

MiniDumpWriteDump

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain

crypt32

CryptUnprotectData
CertGetNameStringW
CertDuplicateCertificateContext

advapi32

RegOpenKeyExW
InitializeAcl
ClearEventLogW
OpenServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
CloseEventLog
ReportEventW
OpenEventLogW
SetSecurityDescriptorGroup
SetEntriesInAclW
CreateWellKnownSid
RegDeleteKeyW
SetNamedSecurityInfoW
GetUserNameW
GetAclInformation
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidW
CopySid
GetLengthSid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegQueryInfoKeyW
RegEnumValueW
TreeResetNamedSecurityInfoW
RegSetKeySecurity
AddAccessAllowedAceEx
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
GetAce
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
LookupAccountNameW
GetNamedSecurityInfoW
AddAce

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitializeSecurity
CoTaskMemAlloc
CoInitializeEx
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoSetProxyBlanket

oleaut32

SystemTimeToVariantTime
VarUI4FromStr
VariantInit
VariantClear
SysAllocString
VariantTimeToSystemTime
SysFreeString

Sections

.text
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Comodo/ciscleanuptool_x86.exe
.exe windows:6 windows x86 arch:x86

d97ec8feb8bc8be42272beb6a9469bcc

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:6e:f8:42:8d:d4:b8:3e:e4:14:4b:00:00:00:00:6e:f8
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

09/03/2023, 11:23

Not After

12/03/2023, 11:23

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:6e:f8:42:8d:d4:b8:3e:e4:14:4b:00:00:00:00:6e:f8
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

09/03/2023, 11:23

Not After

12/03/2023, 11:23

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07/12/2021, 00:00

Not After

06/12/2024, 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:07:6b:16:e9:6a:ab:b1:e6:61:74:0a:8d:a4:28:f7:e2:bf:47:7a:24:84:8d:97:27:a3:b2:98:80:ab:34:52
Signer

Actual PE Digest

2e:07:6b:16:e9:6a:ab:b1:e6:61:74:0a:8d:a4:28:f7:e2:bf:47:7a:24:84:8d:97:27:a3:b2:98:80:ab:34:52

Digest Algorithm

sha256

PE Digest Matches

true

2e:07:6b:16:e9:6a:ab:b1:e6:61:74:0a:8d:a4:28:f7:e2:bf:47:7a:24:84:8d:97:27:a3:b2:98:80:ab:34:52
Signer

Actual PE Digest

2e:07:6b:16:e9:6a:ab:b1:e6:61:74:0a:8d:a4:28:f7:e2:bf:47:7a:24:84:8d:97:27:a3:b2:98:80:ab:34:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\CisCleanupTool2_vs19\CisCleanupTool2\CleanTool2_out\CisCleanupTool_x86.pdb

Imports

kernel32

HeapReAlloc
HeapSize
InitializeCriticalSectionEx
RaiseException
GetLastError
WideCharToMultiByte
MultiByteToWideChar
SetStdHandle
WriteConsoleW
SetEndOfFile
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SetEnvironmentVariableW
HeapFree
SetLastError
FormatMessageW
LocalFree
GetCurrentProcess
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetModuleHandleW
GetTempPathW
GetTempFileNameW
GetModuleFileNameW
GetLongPathNameW
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
OutputDebugStringW
FindResourceW
LoadResource
SizeofResource
LockResource
CreateFileW
WriteFile
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
lstrcmpiW
LoadLibraryExW
LoadLibraryW
GetCommandLineW
DeviceIoControl
GetSystemTime
GetLocalTime
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
K32GetModuleFileNameExW
DeleteFileW
RemoveDirectoryW
lstrcpyW
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetCurrentThreadId
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
FileTimeToDosDateTime
MoveFileW
MoveFileExW
CreateProcessW
SetFileAttributesW
GetFileInformationByHandle
GetStringTypeW
QueryPerformanceCounter
EncodePointer
LCMapStringEx
FreeEnvironmentStringsW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetFileSizeEx
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW

user32

DrawTextW
SetCapture
SetCursor
LoadCursorW
PtInRect
ReleaseCapture
DefWindowProcW
GetDC
CharUpperBuffW
ExitWindowsEx
LoadStringW
GetClientRect
GetWindowTextLengthW
EnableMenuItem
GetSystemMenu
SendDlgItemMessageW
LoadImageW
DestroyIcon
GetWindowTextW
SetWindowPos
OffsetRect
CopyRect
GetWindowRect
GetDesktopWindow
GetParent
DialogBoxParamW
SetWindowLongW
ReleaseDC
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
MessageBoxW
CharNextW
wsprintfW
CallWindowProcW
GetWindowLongW
PostMessageW
EndDialog
EnableWindow
GetSysColorBrush
GetDlgCtrlID
SendMessageW
SetFocus
SetWindowTextW
GetDlgItem
ShowWindow

gdi32

CreateFontIndirectW
SetBkMode
SetTextColor
DeleteObject
DeleteDC
CreateCompatibleDC
SelectObject
BitBlt
CreateCompatibleBitmap

shlwapi

PathIsDirectoryEmptyW
SHQueryInfoKeyW
SHDeleteKeyW
PathFileExistsW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathAddBackslashW

msi

ord205

setupapi

SetupFindFirstLineW
SetupCloseInfFile
SetupGetStringFieldW
SetupOpenInfFileW
SetupGetInfFileListW
SetupUninstallOEMInfW

dbghelp

MiniDumpWriteDump

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringW
CryptUnprotectData
CertDuplicateCertificateContext

advapi32

RegSetKeySecurity
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidW
RegCreateKeyExW
ClearEventLogW
OpenServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
CopySid
GetLengthSid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetNamedSecurityInfoW
GetAce
GetAclInformation
AddAce
InitializeAcl
SetNamedSecurityInfoW
GetUserNameW
LookupAccountNameW
CloseEventLog
ReportEventW
OpenEventLogW
SetSecurityDescriptorGroup
SetEntriesInAclW
CreateWellKnownSid
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
TreeResetNamedSecurityInfoW
RegEnumKeyExW
AddAccessAllowedAceEx
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

ole32

CoSetProxyBlanket
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime

Sections

.text
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/DrWeb/drw_remover.exe
.exe windows:5 windows x86 arch:x86

53b457cae2bba936bc93cde864cf7b3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\code\proj\drweb-remover\Win32\Release\starter.pdb

Imports

kernel32

SetLastError
GetProcAddress
GetModuleHandleW
SizeofResource
HeapFree
GetLongPathNameW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetTempPathW
WaitForSingleObject
HeapSize
GetLastError
LockResource
DeleteFileW
HeapReAlloc
CloseHandle
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
CreateProcessW
GetTempFileNameW
ReadFile
WriteFile
SetFilePointer
CreateFileW
UnmapViewOfFile
GetFileSize
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
GetCurrentDirectoryA
SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
VirtualQuery
VirtualProtect
GetSystemInfo
WriteConsoleW
SetFilePointerEx
GetConsoleMode
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
GetACP
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
LoadLibraryExA

ntdll

NtQuerySystemInformation
RtlNtStatusToDosError

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Emsisoft/EmsiClean32.exe
.exe windows:5 windows x86 arch:x86

70c3a80c97851854ca81d61eb38cbbb5

Code Sign

82:4d:35:69:1d:a5:57:1a:70:20:0e:2f:67:ef:ca:f3
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/06/2019, 00:00

Not After

24/06/2022, 23:59

Subject

SERIALNUMBER=5377101,CN=Emsisoft Ltd,O=Emsisoft Ltd,POSTALCODE=7010,STREET=315a Hardy Street,L=Nelson,ST=NSN,C=NZ,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024e5a

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:2a:a8:9a:a9:51:ee:de:f3:21:41:b3:39:be:3e:b9:8a:d0:9b:e6:4a:5e:a0:af:c5:64:5d:88:81:97:99:34
Signer

Actual PE Digest

e7:2a:a8:9a:a9:51:ee:de:f3:21:41:b3:39:be:3e:b9:8a:d0:9b:e6:4a:5e:a0:af:c5:64:5d:88:81:97:99:34

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

user32

CopyImage
CreateWindowExW
ChildWindowFromPoint
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ExitWindowsEx
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

CloseServiceHandle
RegSetValueExW
ControlService
RegConnectRegistryW
OpenThreadToken
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
DeleteService
StartServiceW
RegReplaceKeyW
QueryServiceStatusEx
GetTokenInformation
LookupAccountSidW
ChangeServiceConfigW
RegCreateKeyExW
SetSecurityDescriptorDacl
OpenServiceW
RegLoadKeyW
RegEnumKeyExW
QueryServiceStatus
AdjustTokenPrivileges
QueryServiceConfigW
RegDeleteKeyW
LookupPrivilegeValueW
OpenSCManagerW
RegOpenKeyExW
OpenProcessToken
RegDeleteValueW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
InitializeSecurityDescriptor
RegRestoreKeyW
EnumServicesStatusW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

kernel32

SetFileAttributesW
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
ReplaceFileW
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
FindVolumeClose
SwitchToThread
GetExitCodeThread
GetCurrentThread
GetLogicalDrives
SetThreadUILanguage
FindFirstVolumeW
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVolumePathNamesForVolumeNameW
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
UnmapViewOfFile
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
FindNextVolumeW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext

crypt32

CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

userenv

GetAllUsersProfileDirectoryW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

ntdll

NtQuerySymbolicLinkObject
NtQueryInformationFile
NtClose
RtlInitUnicodeString
NtOpenDirectoryObject
NtOpenSymbolicLinkObject

Exports

Exports

RegisterLibraryPointers
TMethodImplementationIntercept
UnRegisterLibraryPointers
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 225B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 88B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/Emsisoft/EmsiClean64.exe
.exe windows:5 windows x64 arch:x64

e41e6412586d5cc303720a41d1f47fbc

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:bd:da:e1:3b:b3:9b:0f:b3:45:a9:1c
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/09/2023, 07:05

Not After

05/09/2024, 07:05

Subject

SERIALNUMBER=9429041331842,CN=Emsisoft Limited,O=Emsisoft Limited,STREET=315a Hardy St,L=Nelson,ST=Nelson,C=NZ,1.2.840.113549.1.9.1=#0c0f6d6340656d7369736f66742e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024e5a,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:36:ee:84:26:16:6a:d0:b2:07:88:87:c1:eb:96:a3:34:b2:22:a7:00:2d:7d:c4:b6:9b:b2:1f:c8:60:3a:df
Signer

Actual PE Digest

5b:36:ee:84:26:16:6a:d0:b2:07:88:87:c1:eb:96:a3:34:b2:22:a7:00:2d:7d:c4:b6:9b:b2:1f:c8:60:3a:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Buildserver\agent\_work\7\s\a-squared64\EmsiClean.pdb

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

FindTextW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

user32

CopyImage
CreateWindowExW
ChildWindowFromPoint
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
GetClassLongPtrW
SetClassLongPtrW
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ExitWindowsEx
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
GetWindowLongPtrW
SetWindowLongPtrW
BringWindowToTop
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

ControlService
OpenThreadToken
RegUnLoadKeyW
RegSaveKeyW
EqualSid
DeleteService
RegReplaceKeyW
QueryServiceStatusEx
GetTokenInformation
LookupAccountSidW
RegCreateKeyExW
ChangeServiceConfigW
SetSecurityDescriptorDacl
SetEntriesInAclW
RevertToSelf
RegEnumKeyExW
AdjustTokenPrivileges
QueryServiceConfigW
LookupPrivilegeValueW
OpenSCManagerW
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteValueW
ImpersonateLoggedOnUser
RegFlushKey
RegEnumValueW
RegQueryValueExW
InitializeSecurityDescriptor
RegRestoreKeyW
EnumServicesStatusW
RegSetValueExW
CloseServiceHandle
RegConnectRegistryW
ConvertStringSidToSidW
GetUserNameW
RegQueryInfoKeyW
StartServiceW
CreateProcessAsUserW
CreateProcessWithLogonW
OpenServiceW
RegLoadKeyW
QueryServiceStatus
RegDeleteKeyW
OpenProcessToken
FreeSid
SetNamedSecurityInfoW
ConvertSidToStringSidW
RegCloseKey
LogonUserW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

kernel32

SetFileAttributesW
RtlUnwindEx
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
SetHandleInformation
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
ReplaceFileW
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
FindVolumeClose
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
SetThreadUILanguage
FindFirstVolumeW
LoadLibraryExW
LockResource
CancelIo
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVolumePathNamesForVolumeNameW
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
DeviceIoControl
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
UnmapViewOfFile
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetOverlappedResult
GetSystemDefaultUILanguage
EnumCalendarInfoW
FindNextVolumeW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext

crypt32

CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

userenv

GetAllUsersProfileDirectoryW

ole32

IsEqualGUID
OleInitialize
CoInitializeEx
CreateBindCtx
OleUninitialize
MkParseDisplayName
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

secur32

GetUserNameExW

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

ntdll

NtQuerySymbolicLinkObject
NtQueryInformationFile
NtClose
RtlInitUnicodeString
NtOpenDirectoryObject
NtOpenSymbolicLinkObject

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 72KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 648B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 430KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 109B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Eset/esetuninstaller.exe
.exe windows:6 windows x86 arch:x86

9a47f1cc66ab9a6bd52b6276191c8e50

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:f9:7d:05:4a:9b:fc:bf:9d:5e:12:f8:d0:ab:be:07
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

08/12/2020, 14:34

Not After

08/12/2023, 14:34

Subject

SERIALNUMBER=31 333 532,CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302534b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2015, 20:55

Not After

07/07/2025, 20:55

Subject

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fa:9c:19:a9:f4:39:a7:aa:c6:bf:8d:46:c8:f8:b4:cd:6a:ca:1e
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

13/07/2023, 00:00

Not After

15/07/2026, 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17/07/2020, 00:00

Not After

17/07/2030, 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:1b:95:25:17:c8:de:e2:27:42:79:ec:df:05:5d:81:0b:2e:c3:fe
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

12/07/2023, 00:00

Not After

16/07/2026, 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16/07/2020, 00:00

Not After

16/07/2030, 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a1:b0:ef:97:0d:2e:60:b3:36:ea:17:b4:6a:bf:3d:59:d1:b9:8f:2c:47:c9:ea:77:56:81:6b:e0:a8:da:fe:4f
Signer

Actual PE Digest

a1:b0:ef:97:0d:2e:60:b3:36:ea:17:b4:6a:bf:3d:59:d1:b9:8f:2c:47:c9:ea:77:56:81:6b:e0:a8:da:fe:4f

Digest Algorithm

sha256

PE Digest Matches

true

a1:b0:ef:97:0d:2e:60:b3:36:ea:17:b4:6a:bf:3d:59:d1:b9:8f:2c:47:c9:ea:77:56:81:6b:e0:a8:da:fe:4f
Signer

Actual PE Digest

a1:b0:ef:97:0d:2e:60:b3:36:ea:17:b4:6a:bf:3d:59:d1:b9:8f:2c:47:c9:ea:77:56:81:6b:e0:a8:da:fe:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Uninstaller.pdb

Imports

kernel32

GetExitCodeThread
ExpandEnvironmentStringsW
SetEndOfFile
FlushFileBuffers
SetFileAttributesW
GetFileInformationByHandle
GetSystemInfo
GetLocaleInfoW
GetTimeZoneInformation
VerSetConditionMask
VerifyVersionInfoW
Sleep
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleOutputCP
ReadConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
GetFullPathNameW
CopyFileW
GetCurrentThread
GetCurrentThreadId
lstrcmpiW
LoadLibraryExW
RaiseException
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
MoveFileExW
FindFirstFileW
MoveFileW
DeleteFileW
lstrlenW
GetLogicalDrives
ReleaseMutex
CreateMutexW
SetConsoleCtrlHandler
ExitProcess
GetCurrentProcessId
SetFilePointer
WriteConsoleW
WriteFile
FormatMessageW
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetCurrentProcess
LocalFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FreeLibrary
LoadLibraryW
GetProcAddress
DeleteCriticalSection
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
TerminateProcess
ReadFile
PeekNamedPipe
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetLastError
RemoveDirectoryW
FindClose
FindNextFileW
GetCurrentDirectoryW
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetStdHandle
VirtualQuery
VirtualProtect
VirtualAlloc
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
GetLocalTime
GetFileType
FindFirstFileExW
SetStdHandle
TlsFree
LCMapStringEx
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
OutputDebugStringW
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue

user32

CharNextW
LoadStringW
ExitWindowsEx
GetSystemMetrics
MsgWaitForMultipleObjects

advapi32

RegLoadKeyW
OpenProcessToken
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
LsaRemoveAccountRights
LsaNtStatusToWinError
DeleteAce
EqualSid
GetAclInformation
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetServiceStatus
DeleteService
ControlService
QueryServiceStatus
StartServiceW
CreateServiceW
OpenSCManagerW
OpenThreadToken
SetSecurityDescriptorGroup
CopySid
IsValidSid
RegDeleteValueW
RegEnumValueW
RegUnLoadKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RevertToSelf
ImpersonateSelf
AddAccessAllowedAceEx
AddAce
GetAce
InitializeAcl
GetLengthSid
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
AdjustTokenPrivileges

shell32

SHFileOperationW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CLSIDFromProgID

oleaut32

RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 775KB - Virtual size: 775KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/F-Secure/FsUninstallationTool.exe
.exe windows:6 windows x86 arch:x86

dd41c37792372a91398ee928ea65e2a3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:ce:9e:0e:c9:d2:71:3f:0d:21:c2:31:9d:31:0a:60
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/06/2022, 00:00

Not After

21/06/2025, 23:59

Subject

SERIALNUMBER=0705579-2,CN=F-Secure Corporation,O=F-Secure Corporation,L=Helsinki,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:40:e5:2a:39:2a:7b:b1:9f:f3:06:72:c0:61:49:53:c8:be:03:72:db:b8:a6:5d:33:33:aa:6d:c1:b8:be:46
Signer

Actual PE Digest

87:40:e5:2a:39:2a:7b:b1:9f:f3:06:72:c0:61:49:53:c8:be:03:72:db:b8:a6:5d:33:33:aa:6d:c1:b8:be:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\OneClient\ccf_uninstallation_tool\ccf_uninstallation_tool\output\x86\Release_Static\uninstallation_tool_32.pdb

Imports

gdiplus

GdipCreatePath
GdipDeletePath
GdipFree
GdipFillPath
GdipStartPathFigure
GdipAddPathArcI
GdipResetPath
GdipDrawArcI
GdipGetPenWidth
GdiplusShutdown
GdiplusStartup
GdipFillEllipseI
GdipDrawEllipseI
GdipSetPenLineCap197819
GdipDrawPath
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipScaleMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipTransformPath
GdipAddPathBezier
GdipAddPathLine
GdipClosePathFigure

kernel32

GetTempPathW
GetTickCount
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetModuleFileNameW
CopyFileW
MoveFileExW
GetCurrentProcess
LocalFree
VerSetConditionMask
IsWow64Process
VerifyVersionInfoW
SetLastError
CreateProcessW
RaiseException
GetCurrentThread
ExpandEnvironmentStringsW
OutputDebugStringA
GetCurrentThreadId
GetSystemTime
GetLocalTime
GetTimeZoneInformation
FlushFileBuffers
GetFileInformationByHandle
SetFilePointerEx
ReleaseMutex
GetTickCount64
LoadLibraryExW
HeapAlloc
HeapFree
GetProcessHeap
OpenMutexW
GetLocaleInfoA
GetUserDefaultUILanguage
MulDiv
GetShortPathNameW
CreateToolhelp32Snapshot
Module32FirstW
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetCPInfoExW
CreatePipe
SetHandleInformation
ReadFile
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
DecodePointer
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
LCMapStringEx
EncodePointer
LeaveCriticalSection
GetModuleHandleExW
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
WakeAllConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ExitProcess
DuplicateHandle
GetFileType
GetDateFormatW
RemoveDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
GetExitCodeProcess
WaitForSingleObject
WriteFile
CreateFileW
GetModuleHandleW
GetTimeFormatW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
ProcessIdToSessionId
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
GetCommandLineW
CreateMutexW
SetEvent
WaitForMultipleObjects
GetLastError
CreateEventW
CloseHandle
GetStdHandle
WriteConsoleW
FreeConsole
AttachConsole
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
HeapReAlloc
GetFileAttributesExW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
HeapSize
SetEndOfFile
FreeLibraryAndExitThread

user32

GetMonitorInfoW
MonitorFromPoint
KillTimer
AttachThreadInput
PostQuitMessage
RegisterClassExW
CreateWindowExW
IsIconic
SetActiveWindow
SetForegroundWindow
GetWindowThreadProcessId
SetTimer
IsDialogMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
SetCursor
SystemParametersInfoW
GetSysColor
PtInRect
OffsetRect
ScreenToClient
GetCursorPos
GetNextDlgGroupItem
GetSystemMetrics
DrawIconEx
DrawFocusRect
AdjustWindowRect
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
EnableWindow
IsWindowVisible
SetWindowPos
ShowWindow
FillRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
TrackMouseEvent
EnumChildWindows
SetWindowLongW
GetWindowLongW
EndDialog
DialogBoxParamW
CreateDialogParamW
DestroyWindow
GetForegroundWindow
AllowSetForegroundWindow
UnregisterClassW
ExitWindowsEx
SetFocus
PostMessageW
LoadIconW
CheckRadioButton
GetDlgItem
DestroyIcon
GetParent
SendMessageW
DrawTextW
InflateRect

gdi32

CreateFontW
GetObjectW
GetTextExtentExPointW
CreateFontIndirectW
GetStockObject
CreateSolidBrush
GetTextColor
GetTextMetricsW
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetTextColor
SetBkColor
DeleteObject
SetBkMode

advapi32

StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
DeleteService
ControlService
CloseServiceHandle
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
RevertToSelf
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorControl
GetSecurityDescriptorDacl
ConvertSidToStringSidW
LookupAccountNameW
IsValidSid
GetLengthSid
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
RegGetValueW
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSidSubAuthority
GetSidSubAuthorityCount
GetNamedSecurityInfoW
RegEnumValueW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_ID_ExW

Sections

.text
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/GData/AVCleaner.exe
.exe windows:6 windows x86 arch:x86

462fb733f74df2df69b5016091730be3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\j\workspace\OnCommit_AppDev_avcleaner_master\bin\Release32v14x\AVKCleaner.pdb

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
DecodePointer
CloseHandle
RaiseException
GetLastError
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcess
GetCurrentThreadId
FindResourceExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrcmpiW
lstrlenW
MultiByteToWideChar
CreateFileW
DeleteFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
WaitForSingleObject
Sleep
TerminateProcess
GetExitCodeProcess
CreateProcessW
OpenProcess
GetSystemTime
LoadLibraryW
MoveFileExW
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
TerminateThread
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
LoadLibraryA
WinExec
WideCharToMultiByte
OutputDebugStringW
SetEvent
ResetEvent
CreateEventW
OpenEventW
WaitForMultipleObjects
InitializeSListHead
InterlockedPopEntrySList
GetCurrentProcessId
ResumeThread
GetThreadId
GetModuleHandleA
LocalFree
FormatMessageW
VerSetConditionMask
SearchPathW
FileTimeToLocalFileTime
GetDriveTypeW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetLogicalDrives
GetShortPathNameW
GetTempFileNameW
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
GetTempPathW
GetVolumeNameForVolumeMountPointW
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
DeviceIoControl
GetOverlappedResult
CancelIoEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
ReleaseMutex
CreateMutexW
OpenMutexW
CreateEventA
InterlockedPushEntrySList
SwitchToThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
ProcessIdToSessionId
GetSystemInfo
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GetModuleHandleExW
LocalAlloc
QueryFullProcessImageNameW
VerifyVersionInfoW
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
Module32FirstW
Module32NextW
ExpandEnvironmentStringsW
GlobalAlloc
GlobalFree
CreateMutexA
lstrcmpA
OpenMutexA
GetTickCount
IsWow64Process
InitializeCriticalSectionEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetFullPathNameW
GetLongPathNameW
VirtualProtect
WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetConsoleCtrlHandler
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
GetLocaleInfoEx
GetNativeSystemInfo
GetExitCodeThread
WaitForSingleObjectEx
CloseThreadpoolWait
IsDebuggerPresent
EncodePointer
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
FormatMessageA
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
AreFileApisANSI
CreateDirectoryExW
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetStringTypeW
InitOnceExecuteOnce
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
RtlCaptureStackBackTrace
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
VirtualQuery

user32

GetActiveWindow
EndDialog
DialogBoxParamW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
GetWindowLongW
MapWindowPoints
MessageBoxW
GetWindowRect
GetClientRect
GetSystemMetrics
SetWindowTextW
SetDlgItemTextW
GetDlgItem
SetWindowPos
IsWindow
SendMessageW
LoadStringW
IsDialogMessageW
SetWindowLongW
CharNextW
CreateDialogParamW
ShowWindow
DestroyWindow
UnregisterClassW
PostQuitMessage
DefWindowProcW
ExitWindowsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
EnableWindow

shell32

SHChangeNotify
SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/K7/K7RT.exe
.exe windows:5 windows x86 arch:x86

915637244f082d18cf3d4ad29e5b0ae8

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:50:ba:6a:14:d5:1e:89:db:75:ff:f8:e6:06:21:8e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/01/2020, 00:00

Not After

13/12/2021, 12:00

Subject

SERIALNUMBER=040383,CN=K7 Computing Pvt Ltd,O=K7 Computing Pvt Ltd,L=Chennai,ST=Tamil Nadu,C=IN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302494e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:bb:b0:c1:07:9f:1b:17:73:04:a3:3c:18:09:b6:a4
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/01/2020, 00:00

Not After

13/12/2021, 12:00

Subject

SERIALNUMBER=040383,CN=K7 Computing Pvt Ltd,O=K7 Computing Pvt Ltd,L=Chennai,ST=Tamil Nadu,C=IN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302494e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:aa:96:72:91:20:80:ad:3a:bb:cf:44:83:f0:4b:57:8a:90:a8:84:0a:50:49:32:1e:07:32:b7:d0:60:71:81
Signer

Actual PE Digest

25:aa:96:72:91:20:80:ad:3a:bb:cf:44:83:f0:4b:57:8a:90:a8:84:0a:50:49:32:1e:07:32:b7:d0:60:71:81

Digest Algorithm

sha256

PE Digest Matches

true

fe:3b:3b:f0:24:92:dd:e1:8c:d6:87:13:d6:04:8e:9f:ff:cb:3f:4c
Signer

Actual PE Digest

fe:3b:3b:f0:24:92:dd:e1:8c:d6:87:13:d6:04:8e:9f:ff:cb:3f:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapCreate
HeapDestroy
ExpandEnvironmentStringsA
lstrcpyA
GetSystemDirectoryA
Sleep
SearchPathA
WideCharToMultiByte
ExpandEnvironmentStringsW
SetCurrentDirectoryA
MultiByteToWideChar
GetCurrentProcess
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleFileNameA
SetErrorMode
WinExec
CreateThread
GetLocaleInfoA
lstrcmpiA
GetFileAttributesA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetModuleHandleA
GetWindowsDirectoryA
CopyFileA
CreateFileA
WriteFile
GetLocalTime
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
CloseHandle
FindFirstFileA
FindClose
FindNextFileA
SetLastError
RemoveDirectoryA
GetShortPathNameA
MoveFileExA
GetProcessHeap
HeapAlloc
HeapFree
GetVersion
DeleteFileA
GetLastError
GetTempPathA
lstrcatA
SetFileAttributesA
FreeResource
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetConsoleMode
GetConsoleCP
WaitNamedPipeA
TransactNamedPipe
SetNamedPipeHandleState
GetVersionExA
GetCurrentThreadId
lstrcpynA
ReadFile
GetCurrentProcessId
SetFilePointer
DeviceIoControl
GetModuleHandleW
ExitProcess
GetCommandLineA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
RtlUnwind
VirtualFree
VirtualAlloc
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA

user32

EnableWindow
SetWindowTextA
SetDlgItemTextA
EndDialog
wsprintfA
ExitWindowsEx
DialogBoxParamA
MessageBoxA
FindWindowA
SendMessageA
SendDlgItemMessageA
GetDlgItem
CharLowerA
PostMessageA

gdi32

GetStockObject
CreateFontIndirectA

advapi32

FreeSid
AllocateAndInitializeSid
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
RegOpenKeyA
RegQueryValueExA
RegCloseKey
QueryServiceStatus

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2

oleaut32

SysFreeString
SysAllocString

shlwapi

PathFileExistsA
SHDeleteKeyA

ws2_32

WSCDeinstallProvider
WSCGetProviderPath
WSCInstallProvider
WSCWriteProviderOrder
WSAStartup
WSCEnumProtocols
WSACleanup

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/Kaspersky/kavremvr.exe
.exe windows:6 windows x86 arch:x86

8b18edac65cf62fc24dc39039063d3c6

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

Issuer

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Not Before

25/08/2021, 14:06

Not After

25/08/2036, 14:06

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:8a:2d:ce:e3:e7:bd:4f:c9:2f:c2:33:d0:64:50:10:4c:5f:62:69:b3:5a:b2:75:f2:ae:bd:50:c1:d9:cd:b0
Signer

Actual PE Digest

e9:8a:2d:ce:e3:e7:bd:4f:c9:2f:c2:33:d0:64:50:10:4c:5f:62:69:b3:5a:b2:75:f2:ae:bd:50:c1:d9:cd:b0

Digest Algorithm

sha256

PE Digest Matches

true

e9:8a:2d:ce:e3:e7:bd:4f:c9:2f:c2:33:d0:64:50:10:4c:5f:62:69:b3:5a:b2:75:f2:ae:bd:50:c1:d9:cd:b0
Signer

Actual PE Digest

e9:8a:2d:ce:e3:e7:bd:4f:c9:2f:c2:33:d0:64:50:10:4c:5f:62:69:b3:5a:b2:75:f2:ae:bd:50:c1:d9:cd:b0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\a\c\d_00000000\s\product\kleaner\source\_out\Win32\Release\kavremvr.pdb

Imports

kernel32

ExitProcess
GetProcAddress
LoadLibraryA
OutputDebugStringA
OutputDebugStringW
VirtualProtect

Exports

Exports

mainEECStartup

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eecseg
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14.0MB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Malwarebytes/mb-support-1.9.11.1017.exe
.exe windows:4 windows x86 arch:x86

3786a4cf8bfee8b4821db03449141df4

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23/03/2022, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25/05/2021, 00:00

Not After

24/05/2036, 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3c:7f:1b:a0:ca:00:37:45:b9:00:00:00:00:00:3c
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15/02/2024, 20:36

Not After

15/02/2025, 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:A500-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:77:b3:9e:4e:bd:90:76:b7:65:a5:00:00:00:00:77:b3
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 01,O=Microsoft Corporation,C=US

Not Before

08/06/2024, 23:13

Not After

11/06/2024, 23:13

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:77:b3:9e:4e:bd:90:76:b7:65:a5:00:00:00:00:77:b3
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 01,O=Microsoft Corporation,C=US

Not Before

08/06/2024, 23:13

Not After

11/06/2024, 23:13

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:06:4a:1a:fa:cf:05:61:6a:74:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS EOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:ff:62:32:e5:01:d4:ad:04:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15/02/2024, 20:36

Not After

15/02/2025, 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=Thales TSS ESN:E462-96F0-442E,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c1:09:5b:e5:36:d0:bb:bc:a4:d2:30:cc:2b:b0:ff:9f:13:0d:ee:72:7c:d8:28:04:4e:b9:83:cf:0b:8b:1e:e2
Signer

Actual PE Digest

c1:09:5b:e5:36:d0:bb:bc:a4:d2:30:cc:2b:b0:ff:9f:13:0d:ee:72:7c:d8:28:04:4e:b9:83:cf:0b:8b:1e:e2

Digest Algorithm

sha256

PE Digest Matches

true

c1:09:5b:e5:36:d0:bb:bc:a4:d2:30:cc:2b:b0:ff:9f:13:0d:ee:72:7c:d8:28:04:4e:b9:83:cf:0b:8b:1e:e2
Signer

Actual PE Digest

c1:09:5b:e5:36:d0:bb:bc:a4:d2:30:cc:2b:b0:ff:9f:13:0d:ee:72:7c:d8:28:04:4e:b9:83:cf:0b:8b:1e:e2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
DialogBoxParamW
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
KillTimer
SetWindowTextA

shell32

ShellExecuteExA

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
TlsAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
CloseHandle
CreateProcessA
SetCurrentDirectoryA
GetCommandLineW
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
GetTempPathA
GetTempFileNameA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetStdHandle
WaitForMultipleObjects
Sleep
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/Mcafee/MCPR.exe
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:f3:e4:85:c5:16:1b:c2:8b:de:46:36:44:a1:fc:b7:5a:02:60:28:cf:18:59:a1:57:48:ab:5a:d1:f7:78:90
Signer

Actual PE Digest

53:f3:e4:85:c5:16:1b:c2:8b:de:46:36:44:a1:fc:b7:5a:02:60:28:cf:18:59:a1:57:48:ab:5a:d1:f7:78:90

Digest Algorithm

sha256

PE Digest Matches

true

53:f3:e4:85:c5:16:1b:c2:8b:de:46:36:44:a1:fc:b7:5a:02:60:28:cf:18:59:a1:57:48:ab:5a:d1:f7:78:90
Signer

Actual PE Digest

53:f3:e4:85:c5:16:1b:c2:8b:de:46:36:44:a1:fc:b7:5a:02:60:28:cf:18:59:a1:57:48:ab:5a:d1:f7:78:90

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$1/APPSTATS/RegKeyList.txt
$1/APPSTATS/appstats.ini
$1/APPSTATS/appstats_1.ini
$1/Auth/auth.ini
$1/Auth/auth1.ini
$1/Auth/files_authcore.txt
$1/Auth/files_ffplg.txt
$1/Auth/files_ieplg.txt
$1/Auth/master.ini
$1/Auth/reg.txt
$1/CSP/RegKeyList.txt
$1/CSP/csp.ini
$1/CSP/csp1.ini
$1/EMProxy/EmProxy.ini
$1/EMProxy/EmPrxy11.ini
$1/EMProxy/filelist.txt
$1/EMProxy/master.ini
$1/EMProxy/reglist.txt
$1/EULA.txt
$1/FWDriver/FWDriver1.ini
$1/FWDriver/FWDriver2.ini
$1/FWDriver/FWDriver_RegKeyList.txt
$1/FWDriver/depend.ini
$1/FWDriver/fwdriver.ini
$1/FWDriver/master.ini
$1/FWDriverCleanUP.wse
$1/HW/HW.ini
$1/HW/HW1.ini
$1/HW/HW11.ini
$1/HW/HW_RegKeyList.txt
$1/HW/depend.ini
$1/HW/master.ini
$1/HWCleanUP.wse
$1/LAM/FileList.txt
$1/LAM/FileListBeta.txt
$1/LAM/FileListRefresh.txt
$1/LAM/RegKeyList.txt
$1/LAM/RegKeyListBeta.txt
$1/LAM/RegKeyListRefresh.txt
$1/LAM/lam.ini
$1/LAM/lam1.ini
$1/LAM/lambeta.ini
$1/LAM/lamrefresh.ini
$1/MAS/Files_MAS11_Win9x.txt
$1/MAS/Files_MAS11_WinNT.txt
$1/MAS/Files_MAS20_Win9x.txt
$1/MAS/Files_MAS20_WinNT.txt
$1/MAS/RegKeys_MAS11_Win9x.txt
$1/MAS/RegKeys_MAS11_WinNT.txt
$1/MAS/RegKeys_MAS20_Win9x.txt
$1/MAS/RegKeys_MAS20_WinNT.txt
$1/MAS/depend.ini
$1/MAS/mas.ini
$1/MAS/mas1.ini
$1/MAS/mas2.ini
$1/MAS/master.ini
$1/MAS/project.info
$1/MAT/Files_MAT1.txt
$1/MAT/RegKeyList.txt
$1/MAT/mat.ini
$1/MAT/mat1.ini
$1/MBK/MBK.ini
$1/MBK/MBK1.ini
$1/MBK/MBK_RegKeyList.txt
$1/MBK/depend.ini
$1/MBK/master.ini
$1/MBKCleanUP.wse
$1/MCPR/cleanup.ini
$1/MCPR/mcpr.ini
$1/MCPR/regkeylist.txt
$1/MCPRCleanUP.wse
$1/MFP/MFP.ini
$1/MFP/MFP2.ini
$1/MFP/filelist_MFP2.txt
$1/MFP/mfputil_x64.exe
.exe windows:5 windows x64 arch:x64

375125cf54c4147129d3f93d93ac06f3

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:f0:c1:73:cd:b2:2f:52:b1:3f:e6:8d:1c:4f:1e:6c:42:27:5d:29:f7:a4:93:a1:c0:67:b9:75:d6:7b:cf:f5
Signer

Actual PE Digest

24:f0:c1:73:cd:b2:2f:52:b1:3f:e6:8d:1c:4f:1e:6c:42:27:5d:29:f7:a4:93:a1:c0:67:b9:75:d6:7b:cf:f5

Digest Algorithm

sha256

PE Digest Matches

true

24:f0:c1:73:cd:b2:2f:52:b1:3f:e6:8d:1c:4f:1e:6c:42:27:5d:29:f7:a4:93:a1:c0:67:b9:75:d6:7b:cf:f5
Signer

Actual PE Digest

24:f0:c1:73:cd:b2:2f:52:b1:3f:e6:8d:1c:4f:1e:6c:42:27:5d:29:f7:a4:93:a1:c0:67:b9:75:d6:7b:cf:f5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\seshan\Code\trunk_safeeyes\support-projects\McCleanup\MFPUtil\x64\Release\MFPUtil_x64.pdb

Imports

kernel32

FreeLibrary
CreateProcessW
WaitForSingleObject
LoadLibraryW
GetFileAttributesW
GetModuleFileNameW
GetLastError
GetProcAddress
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
RaiseException
RtlPcToFileHeader
HeapFree
RtlUnwindEx
LCMapStringA
LCMapStringW
GetStringTypeW
HeapAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MFP/mfputil_x86.exe
.exe windows:5 windows x86 arch:x86

1864160f6d8d189f3a2346ae1f5e0198

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:66:cb:a9:ab:6e:73:6c:fb:53:ca:41:21:37:27:17:63:d4:39:4d:a2:bd:17:fe:c5:eb:8a:11:fa:63:d0:56
Signer

Actual PE Digest

65:66:cb:a9:ab:6e:73:6c:fb:53:ca:41:21:37:27:17:63:d4:39:4d:a2:bd:17:fe:c5:eb:8a:11:fa:63:d0:56

Digest Algorithm

sha256

PE Digest Matches

true

65:66:cb:a9:ab:6e:73:6c:fb:53:ca:41:21:37:27:17:63:d4:39:4d:a2:bd:17:fe:c5:eb:8a:11:fa:63:d0:56
Signer

Actual PE Digest

65:66:cb:a9:ab:6e:73:6c:fb:53:ca:41:21:37:27:17:63:d4:39:4d:a2:bd:17:fe:c5:eb:8a:11:fa:63:d0:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\seshan\Code\trunk_safeeyes\support-projects\McCleanup\MFPUtil\Release\MFPUtil_x86.pdb

Imports

kernel32

FreeLibrary
CreateProcessW
WaitForSingleObject
LoadLibraryW
GetFileAttributesW
GetModuleFileNameW
GetLastError
GetProcAddress
CloseHandle
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
RaiseException
HeapFree
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetModuleHandleA

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MFP/regkeylist_MFP2.txt
$1/MFP/x64/mfp.xml
$1/MFP/x64/sediag.exe
.exe windows:5 windows x64 arch:x64

ff273075d3607a6d0bc9ff1a0a970451

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:a8:be:b5:b4:6f:89:7e:31:fe:67:e7:bf:bb:82:fc:37:97:ec:74:86:64:f2:31:f3:b7:9a:bb:1f:15:1b:01
Signer

Actual PE Digest

a4:a8:be:b5:b4:6f:89:7e:31:fe:67:e7:bf:bb:82:fc:37:97:ec:74:86:64:f2:31:f3:b7:9a:bb:1f:15:1b:01

Digest Algorithm

sha256

PE Digest Matches

true

a4:a8:be:b5:b4:6f:89:7e:31:fe:67:e7:bf:bb:82:fc:37:97:ec:74:86:64:f2:31:f3:b7:9a:bb:1f:15:1b:01
Signer

Actual PE Digest

a4:a8:be:b5:b4:6f:89:7e:31:fe:67:e7:bf:bb:82:fc:37:97:ec:74:86:64:f2:31:f3:b7:9a:bb:1f:15:1b:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BuildEngineSpace\Temp\042c0399-17d6-4d6f-ad18-85b845106b7f\UNIQUE_BUILDFOLDER_1\build\MFP\x64\Release\sediag.pdb

Imports

ws2_32

WSCGetProviderPath32
WSCDeinstallProvider
WSCInstallProvider
WSCDeinstallProvider32
WSCEnumProtocols32
WSCWriteProviderOrder
WSCWriteProviderOrder32
WSCEnumProtocols
WSCGetProviderPath

shell32

DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHGetFolderPathA
ShellExecuteExA
ShellExecuteA
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA
SHGetFileInfoA
SHGetDesktopFolder

rpcrt4

UuidCreate

kernel32

GetStringTypeW
CompareStringW
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
DeviceIoControl
HeapCreate
GetVersion
HeapSetInformation
GetStdHandle
SetHandleCount
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
CreateThread
ExitThread
ExitProcess
HeapReAlloc
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
GetStartupInfoW
GetCommandLineA
HeapAlloc
HeapFree
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
FindResourceExW
QueryPerformanceCounter
VirtualProtect
SearchPathA
GetProfileIntA
GetTempFileNameA
GetNumberFormatA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
SetErrorMode
GetCurrentDirectoryA
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetACP
GlobalFlags
TlsFree
LocalReAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
OutputDebugStringA
GetLocaleInfoA
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
CloseHandle
GetVersionExA
GetLastError
LoadLibraryExW
Sleep
GetTickCount
GetModuleHandleA
GetTempPathA
MultiByteToWideChar
GetWindowsDirectoryA
GetModuleFileNameA
DeleteFileA
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
SetLastError
lstrlenA
MulDiv
GetConsoleCP
lstrlenW
FormatMessageA
GlobalUnlock
GlobalLock
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GlobalAlloc
GlobalSize
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
GetPrivateProfileStringA
WritePrivateProfileStringA
CopyFileA
GetPrivateProfileIntA
WaitForSingleObject
ResumeThread
SetThreadPriority
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
LoadLibraryExA
lstrcmpA
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GlobalFree
DeactivateActCtx
CreateActCtxW
lstrcmpW
FindResourceA
FreeResource
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx

user32

IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LockWindowUpdate
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
FrameRect
GetUpdateRect
RegisterClipboardFormatA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
LoadMenuW
SetClassLongPtrA
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
GetNextDlgGroupItem
LoadImageA
GetIconInfo
OffsetRect
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
IntersectRect
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
KillTimer
SetTimer
InvalidateRect
DeleteMenu
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoA
PostThreadMessageA
GetMenuItemInfoA
InflateRect
RealChildWindowFromPoint
UnregisterClassA
LoadCursorA
GetSysColorBrush
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
PostQuitMessage
GetWindowThreadProcessId
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
CopyIcon
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetFocus
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
DestroyMenu
IsClipboardFormatAvailable
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UpdateWindow
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
CopyRect
SetWindowLongA
SetWindowPos
PtInRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetParent
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
GetWindow
GetWindowLongA
SetFocus
UnhookWindowsHookEx
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
BringWindowToTop
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
DrawIcon
MessageBoxA
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
SendMessageA
EnableWindow
CharUpperBuffA
GetWindowRgn
DestroyCursor
MapDialogRect
SubtractRect
GetDoubleClickTime

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

ole32

OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
RevokeDragDrop
OleDuplicateData
ReleaseStgMedium
CoInitialize
CoInitializeSecurity
DoDragDrop
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
VariantChangeType
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate

shlwapi

PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathAppendA
wnsprintfW

gdi32

DPtoLP
CombineRgn
SetRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
GetBkColor
CreateHatchBrush
GetTextFaceA
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
GetDeviceCaps
CopyMetaFileA
CreateDCA
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
CreateRectRgnIndirect
PatBlt
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreatePalette

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ImageList_GetIconSize

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MFP/x64/seinst.dll
.dll windows:5 windows x64 arch:x64

50a55411702edaa346f60597a10000c0

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:67:39:37:d9:49:70:68:2d:ef:12:49:87:46:ce:37:56:a8:27:b6:0f:fe:67:af:d4:64:ec:67:c9:a3:54:61
Signer

Actual PE Digest

67:67:39:37:d9:49:70:68:2d:ef:12:49:87:46:ce:37:56:a8:27:b6:0f:fe:67:af:d4:64:ec:67:c9:a3:54:61

Digest Algorithm

sha256

PE Digest Matches

true

67:67:39:37:d9:49:70:68:2d:ef:12:49:87:46:ce:37:56:a8:27:b6:0f:fe:67:af:d4:64:ec:67:c9:a3:54:61
Signer

Actual PE Digest

67:67:39:37:d9:49:70:68:2d:ef:12:49:87:46:ce:37:56:a8:27:b6:0f:fe:67:af:d4:64:ec:67:c9:a3:54:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\042c0399-17d6-4d6f-ad18-85b845106b7f\UNIQUE_BUILDFOLDER_1\build\MFP\x64\Release\seinst.pdb

Imports

ws2_32

WSCGetProviderPath32
WSCDeinstallProvider
WSCInstallProvider
WSCDeinstallProvider32
WSCWriteProviderOrder
WSCEnumProtocols32
WSCEnumProtocols
WSCGetProviderPath
WSCWriteProviderOrder32

rpcrt4

UuidCreate

kernel32

GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
CompareStringW
SetHandleCount
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetVersionExW
LoadLibraryExW
DeviceIoControl
GetProcessHeap
GetStdHandle
LCMapStringW
IsValidCodePage
SizeofResource
LockResource
LoadResource
FlsAlloc
FindResourceW
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetComputerNameA
GetSystemTime
SystemTimeToFileTime
CompareFileTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
MultiByteToWideChar
GetLocaleInfoA
LoadLibraryW
GetModuleHandleA
lstrlenA
GetLastError
GetWindowsDirectoryA
GetModuleFileNameA
GetVersionExA
DeleteFileA
CloseHandle
LocalFree
LocalAlloc
FlsFree
FlsGetValue
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetFileType
SetStdHandle
HeapQueryInformation
HeapSize
CreateThread
ExitThread
ExitProcess
HeapReAlloc
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
GetTimeFormatA
GetDateFormatA
HeapAlloc
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
HeapFree
FindResourceExW
GetUserDefaultLCID
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
VirtualProtect
SearchPathA
MulDiv
lstrlenW
FormatMessageA
Sleep
GetProfileIntA
GetTickCount
GetNumberFormatA
GetTempPathA
GetTempFileNameA
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
GetCurrentDirectoryA
GetACP
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalUnlock
ResumeThread
SetThreadPriority
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
LoadLibraryExA
lstrcmpA
GetModuleHandleW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ActivateActCtx
DeactivateActCtx
lstrcmpW
SetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock

user32

CreateMenu
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
GetNextDlgGroupItem
LoadImageA
GetIconInfo
EnableScrollBar
InvertRect
GetMenuDefaultItem
LockWindowUpdate
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongPtrA
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
DestroyIcon
IsIconic
KillTimer
SetTimer
InvalidateRect
DeleteMenu
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
RealChildWindowFromPoint
LoadCursorA
GetSysColorBrush
UnregisterClassA
CharUpperA
GetSystemMetrics
CreateDialogIndirectParamA
GetNextDlgTabItem
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
PostQuitMessage
GetWindowThreadProcessId
IsWindowEnabled
ShowWindow
PostThreadMessageA
SetWindowTextA
IsDialogMessageA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconW
SubtractRect
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
ValidateRect
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
GetWindowRect
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
CopyRect
GetWindowLongA
SetWindowLongA
PtInRect
GetWindow
EndPaint
GetWindowRgn
DestroyCursor
DrawIcon
MoveWindow
MapDialogRect
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
BringWindowToTop
SetWindowPos
GetDesktopWindow
DialogBoxParamA
PostMessageA
HideCaret
EndDialog
GetDlgItem
SendMessageW
SetWindowTextW
GetSysColor
EnableWindow
RedrawWindow
GetClientRect
SendMessageA
MapVirtualKeyExA
GetKeyNameTextA
LoadIconA
IsCharLowerA
IntersectRect

gdi32

Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetTextExtentPoint32A
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateDIBSection
CreateRoundRectRgn
ExtTextOutA
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
RectVisible
TextOutA
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetObjectA
CreatePolygonRgn
CreateSolidBrush
CreateFontIndirectA

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExW
RegDeleteValueA
RegDeleteKeyA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumValueA
RegQueryValueA
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteA
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHAppBarMessage
DragQueryFileA
DragFinish

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
wnsprintfW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateStreamOnHGlobal
DoDragDrop
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoInitialize
ReleaseStgMedium
OleDuplicateData

oleaut32

VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
VariantChangeType
VariantInit
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

wininet

InternetQueryDataAvailable
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpAddRequestHeadersA

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Exports

Exports

AllowSilentUninstall
CanUninstallWithoutCode
CheckInstallSID
CheckUninstallCode
CreateSecureFile
EnableUserRoaming
GenerateESRHash
GenerateHelpID
GenerateSecurityHash
GetIPL
GetIPLCount
GetIPLSize
GetMFPProductName
InstallLSP
InstallLSPNoCode
InstallToControlPanel
IsForeignLSPPresent
IsIncompatibleProductPresent
IsSafeEyesDisabled
RemoveFromControlPanel
SetAutomaticDisablementKey
SetDefaultTimedDisablementKey
SetUserRoamingKey
SetupLSP
SetupLSPCategorization
SetupLockDown
ShowMsgDlg
UninstallForeignLSP
UninstallLSP
UninstallLSPNoCode
UpdateEncryptedUsernameAndPasswordToUnicode
UpdateUsernameAndPasswordToEncrypted

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MFP/x86/mfp.xml
$1/MFP/x86/sediag.exe
.exe windows:5 windows x86 arch:x86

e4646d26b3ea46ef4dea314fb8091b27

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:c6:20:48:bc:ba:66:85:40:20:4f:fe:ac:31:82:9b:1f:26:f1:53:92:8f:41:80:65:db:85:ce:b7:8f:5a:a9
Signer

Actual PE Digest

23:c6:20:48:bc:ba:66:85:40:20:4f:fe:ac:31:82:9b:1f:26:f1:53:92:8f:41:80:65:db:85:ce:b7:8f:5a:a9

Digest Algorithm

sha256

PE Digest Matches

true

23:c6:20:48:bc:ba:66:85:40:20:4f:fe:ac:31:82:9b:1f:26:f1:53:92:8f:41:80:65:db:85:ce:b7:8f:5a:a9
Signer

Actual PE Digest

23:c6:20:48:bc:ba:66:85:40:20:4f:fe:ac:31:82:9b:1f:26:f1:53:92:8f:41:80:65:db:85:ce:b7:8f:5a:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildEngineSpace\Temp\042c0399-17d6-4d6f-ad18-85b845106b7f\build\MFP\Win32\Release\sediag.pdb

Imports

ws2_32

WSCInstallProvider
WSCGetProviderPath
WSCWriteProviderOrder
WSCDeinstallProvider
WSCEnumProtocols

shell32

ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
SHAppBarMessage
SHBrowseForFolderA
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragFinish
DragQueryFileA

rpcrt4

UuidCreate

kernel32

DeviceIoControl
CompareStringW
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
HeapCreate
GetStdHandle
SetHandleCount
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
CreateThread
ExitThread
ExitProcess
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
RaiseException
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
GetTempFileNameA
GetNumberFormatA
GetFileTime
SetEnvironmentVariableA
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
SetErrorMode
GetCurrentDirectoryA
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetACP
GlobalFlags
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
FreeLibrary
GetProcAddress
LoadLibraryA
OutputDebugStringA
GetLocaleInfoA
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
CloseHandle
GetVersionExA
GetLastError
LoadLibraryExW
Sleep
GetTickCount
GetModuleHandleA
GetTempPathA
MultiByteToWideChar
GetWindowsDirectoryA
GetModuleFileNameA
InterlockedDecrement
DeleteFileA
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
SetLastError
lstrlenA
MulDiv
lstrlenW
FormatMessageA
GlobalUnlock
CreateFileW
GetProcessHeap
WriteConsoleW
GetFileSizeEx
GlobalLock
GlobalAlloc
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalSize
WaitForSingleObject
ResumeThread
SetThreadPriority
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
LoadLibraryExA
lstrcmpA
GetModuleHandleW
InterlockedExchange
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
CopyFileA
GlobalFree
DeactivateActCtx
FindResourceA
FreeResource
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
CreateActCtxW

user32

IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
FrameRect
GetUpdateRect
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
InsertMenuItemA
TranslateAcceleratorA
LockWindowUpdate
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
LoadMenuW
SetClassLongA
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
GetNextDlgGroupItem
LoadImageA
GetIconInfo
OffsetRect
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
IntersectRect
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
KillTimer
SetTimer
PostThreadMessageA
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
RealChildWindowFromPoint
UnregisterClassA
LoadCursorA
GetSysColorBrush
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
PostQuitMessage
GetWindowThreadProcessId
ShowWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
GetForegroundWindow
GetLastActivePopup
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
InvalidateRect
IsClipboardFormatAvailable
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UpdateWindow
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
CopyRect
PtInRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetParent
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
GetWindow
GetWindowLongA
SetFocus
UnhookWindowsHookEx
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
BringWindowToTop
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
DrawIcon
MessageBoxA
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
SendMessageA
EnableWindow
MapDialogRect
DestroyCursor
GetWindowRgn
MoveWindow
LoadCursorW

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyA
RegQueryValueA
RegEnumValueA

ole32

DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
OleDuplicateData
ReleaseStgMedium
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantChangeType

shlwapi

PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathAppendA
wnsprintfW

gdi32

RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetBkColor
DPtoLP
CombineRgn
SetRectRgn
GetTextFaceA
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetDeviceCaps
CopyMetaFileA
CreateDCA
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
CreateRectRgnIndirect
PatBlt
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetSystemPaletteEntries

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ImageList_GetIconSize

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MFP/x86/seinst.dll
.dll windows:5 windows x86 arch:x86

dec6fd6b8d895599001c8d86d940702a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:18:f3:13:ac:8a:a9:4c:0b:e2:08:22:da:26:58:ec:61:6c:10:f4:59:bb:87:df:f3:7d:41:e6:61:73:5e:8e
Signer

Actual PE Digest

50:18:f3:13:ac:8a:a9:4c:0b:e2:08:22:da:26:58:ec:61:6c:10:f4:59:bb:87:df:f3:7d:41:e6:61:73:5e:8e

Digest Algorithm

sha256

PE Digest Matches

true

50:18:f3:13:ac:8a:a9:4c:0b:e2:08:22:da:26:58:ec:61:6c:10:f4:59:bb:87:df:f3:7d:41:e6:61:73:5e:8e
Signer

Actual PE Digest

50:18:f3:13:ac:8a:a9:4c:0b:e2:08:22:da:26:58:ec:61:6c:10:f4:59:bb:87:df:f3:7d:41:e6:61:73:5e:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\042c0399-17d6-4d6f-ad18-85b845106b7f\build\MFP\Win32\Release\seinst.pdb

Imports

ws2_32

WSCGetProviderPath
WSCEnumProtocols
WSCInstallProvider
WSCWriteProviderOrder
WSCDeinstallProvider

rpcrt4

UuidCreate

kernel32

CompareStringW
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetVersionExW
LoadLibraryExW
DeviceIoControl
GetProcessHeap
InterlockedCompareExchange
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetComputerNameA
GetSystemTime
SystemTimeToFileTime
CompareFileTime
FreeEnvironmentStringsW
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
MultiByteToWideChar
GetLocaleInfoA
LoadLibraryW
GetModuleHandleA
lstrlenA
GetLastError
GetWindowsDirectoryA
GetModuleFileNameA
GetVersionExA
InterlockedDecrement
DeleteFileA
CloseHandle
LocalFree
LocalAlloc
GetLocaleInfoW
GetCurrentThread
WaitForSingleObject
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetStartupInfoW
SetHandleCount
GetStdHandle
LCMapStringW
IsValidCodePage
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
GetFileType
SetStdHandle
HeapQueryInformation
HeapSize
CreateThread
ExitThread
ExitProcess
HeapReAlloc
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
GetDateFormatA
GetTimeFormatA
HeapAlloc
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RaiseException
RtlUnwind
HeapFree
FindResourceExW
GetUserDefaultLCID
MulDiv
lstrlenW
QueryPerformanceCounter
GetCurrentProcess
GetEnvironmentStringsW
VirtualProtect
SearchPathA
FormatMessageA
GlobalUnlock
GlobalLock
Sleep
GetProfileIntA
GetTickCount
GetNumberFormatA
GetTempPathA
GetTempFileNameA
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
GetCurrentDirectoryA
GetACP
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
ResumeThread
GlobalAlloc
SetThreadPriority
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
LoadLibraryExA
lstrcmpA
GetModuleHandleW
InterlockedExchange
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ActivateActCtx
DeactivateActCtx
lstrcmpW
SetLastError
GlobalFree
CopyFileA
GlobalSize

user32

CreateMenu
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
GetNextDlgGroupItem
LoadImageA
GetIconInfo
EnableScrollBar
InvertRect
GetMenuDefaultItem
LockWindowUpdate
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
DestroyIcon
IsIconic
KillTimer
SetTimer
InvalidateRect
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
IntersectRect
InflateRect
RealChildWindowFromPoint
LoadCursorA
GetSysColorBrush
UnregisterClassA
CharUpperA
GetSystemMetrics
CreateDialogIndirectParamA
GetNextDlgTabItem
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
PostQuitMessage
GetWindowThreadProcessId
PostThreadMessageA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
ValidateRect
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
GetWindowRect
EqualRect
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
GetKeyNameTextA
MapVirtualKeyExA
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
CopyRect
PtInRect
GetWindow
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
BringWindowToTop
SetWindowPos
GetDesktopWindow
DialogBoxParamA
PostMessageA
HideCaret
EndDialog
GetDlgItem
SendMessageW
SetWindowTextW
GetSysColor
EnableWindow
RedrawWindow
GetClientRect
SendMessageA
GetWindowRgn
RegisterWindowMessageA
DeleteMenu

gdi32

Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetTextExtentPoint32A
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateDIBSection
CreateRoundRectRgn
ExtTextOutA
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
RectVisible
TextOutA
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetObjectA
CreatePolygonRgn
CreateSolidBrush
CreateFontIndirectA

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExW
RegDeleteValueA
RegDeleteKeyA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumValueA
RegQueryValueA
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteA
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHAppBarMessage
DragQueryFileA
DragFinish

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
wnsprintfW

ole32

OleCreateMenuDescriptor
CoTaskMemFree
CoCreateGuid
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateStreamOnHGlobal
DoDragDrop
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoTaskMemAlloc
StringFromGUID2
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoInitialize
ReleaseStgMedium
OleDuplicateData

oleaut32

SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
VariantClear
SysFreeString

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

wininet

InternetOpenA
InternetQueryDataAvailable
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetCloseHandle
HttpAddRequestHeadersA

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundA

Exports

Exports

AllowSilentUninstall
CanUninstallWithoutCode
CheckInstallSID
CheckUninstallCode
CreateSecureFile
EnableUserRoaming
GenerateESRHash
GenerateHelpID
GenerateSecurityHash
GetIPL
GetIPLCount
GetIPLSize
GetMFPProductName
InstallLSP
InstallLSPNoCode
InstallToControlPanel
IsForeignLSPPresent
IsIncompatibleProductPresent
IsSafeEyesDisabled
RemoveFromControlPanel
SetAutomaticDisablementKey
SetDefaultTimedDisablementKey
SetUserRoamingKey
SetupLSP
SetupLSPCategorization
SetupLockDown
ShowMsgDlg
UninstallForeignLSP
UninstallLSP
UninstallLSPNoCode
UpdateEncryptedUsernameAndPasswordToUnicode
UpdateUsernameAndPasswordToEncrypted

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MGS/RegKeyList.txt
$1/MGS/RemoveUWP.ps1
$1/MGS/cleanMGSTasks.bat
$1/MGS/master.ini
$1/MGS/mgs.ini
$1/MGS/mgs10.ini
$1/MHN/master.ini
$1/MHN/mhn.ini
$1/MHN/mhn10.ini
$1/MHN/mhn12.ini
$1/MHN/mhn_10_files.txt
$1/MHN/mhn_10_regkeylist.txt
$1/MHN/mhn_12_files.txt
$1/MHN/mhn_12_regkeylist.txt
$1/MHN/project.info
$1/MNA/McSHIns.dll
.dll windows:5 windows x86 arch:x86

1af4354f2ce591c3730b0cff082585e8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/09/2008, 00:00

Not After

09/10/2011, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:38:75:41:dd:ed:fe:1d:f0:4c:86:6b:f8:4a:d5:af:d3:c5:0f:ee
Signer

Actual PE Digest

f0:38:75:41:dd:ed:fe:1d:f0:4c:86:6b:f8:4a:d5:af:d3:c5:0f:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SHAREDSVC_LI100_6338073368317.Build\build\Win32\Release\McSHIns.pdb

Imports

kernel32

GetLocaleInfoA
GetThreadLocale
GetVersionExW
CloseHandle
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetFileAttributesW
FindClose
FindFirstFileW
EnterCriticalSection
LeaveCriticalSection
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetPrivateProfileStructA
WritePrivateProfileStringA
WritePrivateProfileStructA
lstrcmpiW
GetShortPathNameW
GetACP
GetTempFileNameW
MoveFileExW
SetFileAttributesW
GetCurrentProcessId
CreateMutexW
GetModuleFileNameW
RemoveDirectoryW
FindNextFileW
DeleteFileW
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentDirectoryW
CreateFileW
OutputDebugStringW
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetCurrentThreadId
ReleaseMutex
WaitForSingleObject
VirtualQuery
Sleep
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
CopyFileW
GetLastError
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
HeapFree
RaiseException
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
HeapCreate
HeapDestroy
VirtualFree
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen

Exports

Exports

AddSharedSvcToFW
RemoveSharedSvcFromFW
RemoveSvcFromFW

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MNA/master.ini
$1/MNA/mna.ini
$1/MNA/mna10.ini
$1/MNA/mna_10_files.txt
$1/MNA/mna_10_regkeylist.txt
$1/MNA/project.info
$1/MOBK/mobk.ini
$1/MOBK/mobkc.ini
$1/MOCP/MOCP.ini
$1/MOCP/MOCP30.ini
$1/MOCP/filelist_MOCP30.txt
$1/MOCP/regkeylist_MOCP30.txt
$1/MPS/Files_Win2K_SHRED_6_0.txt
$1/MPS/Files_Win2K_SHR_5_0.txt
$1/MPS/Files_Win98_SHRED_6_0.txt
$1/MPS/Files_Win98_SHR_5_0.txt
$1/MPS/RegKeyList.txt
$1/MPS/RegKeyList_mps9.txt
$1/MPS/Reg_Win2K_SHRED_6_0.txt
$1/MPS/Reg_Win2K_SHR_5_0.txt
$1/MPS/Reg_Win98_SHRED_6_0.txt
$1/MPS/Reg_Win98_SHR_5_0.txt
$1/MPS/Regmps10.txt
$1/MPS/Regmps11.txt
$1/MPS/Regmps12.txt
$1/MPS/Regmps13.txt
$1/MPS/depend.ini
$1/MPS/master.ini
$1/MPS/mps10.ini
$1/MPS/mps11.ini
$1/MPS/mps12.ini
$1/MPS/mps13.ini
$1/MPS/mps7.ini
$1/MPS/mps8.ini
$1/MPS/mps9.ini
$1/MPS/mps_uninst.ini
$1/MPS/mpscu.ini
$1/MPS/mpscu1.ini
$1/MPS/mpsunins.dll
.dll windows:6 windows x86 arch:x86

8bd64d5326b7ecd53885bbea84e91316

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:97:23:4e:81:01:84:68:4d:c6:dd:0f:41:6d:7a:65:4f:be:59:4c:d2:2e:af:22:a5:e9:52:5c:37:e5:71:d3
Signer

Actual PE Digest

ba:97:23:4e:81:01:84:68:4d:c6:dd:0f:41:6d:7a:65:4f:be:59:4c:d2:2e:af:22:a5:e9:52:5c:37:e5:71:d3

Digest Algorithm

sha256

PE Digest Matches

true

ba:97:23:4e:81:01:84:68:4d:c6:dd:0f:41:6d:7a:65:4f:be:59:4c:d2:2e:af:22:a5:e9:52:5c:37:e5:71:d3
Signer

Actual PE Digest

ba:97:23:4e:81:01:84:68:4d:c6:dd:0f:41:6d:7a:65:4f:be:59:4c:d2:2e:af:22:a5:e9:52:5c:37:e5:71:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\285a4d90-a3de-4f27-b448-97f2220cba44\build\Win32\Release\mpsunins.pdb

Imports

advapi32

CryptAcquireContextW

kernel32

GetLastError
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
CloseHandle
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
SetLastError
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Exports

Exports

mpsunins

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MPS/project.info
$1/MPS/proxy1.ini
$1/MPS/proxy_uninst.ini
$1/MPS/redirector1.ini
$1/MPS/redirector_uninst.ini
$1/MPS/shr5.ini
$1/MPS/shred.ini
$1/MPS/shred6.ini
$1/MPS/shredder.ini
$1/MPS/shredder_uninst.ini
$1/MPS/unreglsp.bat
$1/MPS/unregproxysvc.bat
$1/MPS/unregredirsvc.bat
$1/MPSCleanUP.wse
$1/MQC/Depend.ini
$1/MQC/dummy.ini
$1/MQC/master.ini
$1/MQC/mcpins.dll
.dll windows:6 windows x86 arch:x86

6b2310cfec788fb640c6338cce459854

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:ba:07:87:5f:35:89:62:87:1d:2a:27:2f:d4:29:e4:e6:56:b4:ee:58:11:c3:b9:58:b2:d2:ce:69:4a:d0:e4
Signer

Actual PE Digest

a0:ba:07:87:5f:35:89:62:87:1d:2a:27:2f:d4:29:e4:e6:56:b4:ee:58:11:c3:b9:58:b2:d2:ce:69:4a:d0:e4

Digest Algorithm

sha256

PE Digest Matches

true

a0:ba:07:87:5f:35:89:62:87:1d:2a:27:2f:d4:29:e4:e6:56:b4:ee:58:11:c3:b9:58:b2:d2:ce:69:4a:d0:e4
Signer

Actual PE Digest

a0:ba:07:87:5f:35:89:62:87:1d:2a:27:2f:d4:29:e4:e6:56:b4:ee:58:11:c3:b9:58:b2:d2:ce:69:4a:d0:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\3779b680-1eb3-4c38-8787-7aa0332c5dfa\build\Win32\Release\McpIns.pdb

Imports

wintrust

WinVerifyTrust

kernel32

DeleteCriticalSection
SetLastError
LoadLibraryExW
ReleaseSRWLockShared
AcquireSRWLockShared
GlobalFindAtomW
IsBadReadPtr
SystemTimeToFileTime
GetCurrentProcessId
GetCurrentDirectoryW
OutputDebugStringW
GetVersionExW
GetModuleFileNameW
CreateFileW
LockFileEx
UnlockFileEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetWindowsDirectoryW
GlobalAddAtomW
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
DeleteFileA
DecodePointer
GetTempPathA
GetTempFileNameA
FreeEnvironmentStringsW
RaiseException
InitializeCriticalSectionEx
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetSystemTime
GetDateFormatW
GetModuleHandleW
GetShortPathNameW
FindNextFileW
FindClose
FindFirstFileW
DeleteFileW
SetEndOfFile
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
SetStdHandle
FlushFileBuffers
GetStdHandle
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
GetFileType
GetConsoleCP
WideCharToMultiByte
GetProcAddress
LoadLibraryW
FreeLibrary
CloseHandle
GetLastError
MultiByteToWideChar
GetCurrentProcess
FindFirstFileExA
FindNextFileA
SetFileAttributesA
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetStringTypeW
FormatMessageW
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlUnwind
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
SetFilePointerEx
ReadFile
GetConsoleMode
ReadConsoleW
WriteFile
IsValidCodePage

user32

wsprintfW

advapi32

RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteValueW
GetUserNameW
RegGetValueW
RegLoadKeyW
OpenProcessToken
RegDeleteKeyW
RegUnLoadKeyW
RegSaveKeyW

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

StringFromGUID2

shlwapi

SHCopyKeyW
PathAppendW
PathFileExistsA
PathRemoveFileSpecW
PathFileExistsW
PathAddExtensionA
PathStripToRootW
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecA
PathFindExtensionW

crypt32

CryptDecodeObject
CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

Exports

Exports

DllCreateTasks
DllMcprUnInstall
DllPostInstall
DllPreUnInstall

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MQC/mqc.ini
$1/MQC/mqc10.ini
$1/MQC/mqc70.ini
$1/MQC/mqc80.ini
$1/MQC/mqc_10_regkeylist.txt
$1/MQC/mqc_70_regkeylist.txt
$1/MQC/mqc_80_regkeylist.txt
$1/MQC/mqc_files_70.txt
$1/MQC/mqc_files_80.txt
$1/MQC/mqccu.ini
$1/MQC/mqccu1.ini
$1/MQC/mqccu10.ini
$1/MQC/msc.ini
$1/MQC/project.info
$1/MSAD/RegKeyList.txt
$1/MSAD/msad.ini
$1/MSAD/msad1.ini
$1/MSAD/wa1.ini
$1/MSC/McMSCIns.dll
.dll windows:5 windows x86 arch:x86

f8996250f9e74620c20dad4c3d0072de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\39f7d586-30a1-4672-a4ff-541ba00aee6e\UNIQUE_BUILDFOLDER_1\build\Win32\Release\McMSCIns.pdb

Imports

wintrust

WinVerifyTrust

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReleaseMutex
CreateDirectoryW
lstrlenA
GetShortPathNameW
SetFilePointer
CreateFileA
GetWindowsDirectoryA
IsBadStringPtrW
CopyFileW
GetTempFileNameW
MoveFileExW
SetFileAttributesW
LoadLibraryExW
GetWindowsDirectoryW
GetLocalTime
OpenMutexW
GetCurrentDirectoryW
GetVolumeInformationW
GetDateFormatW
GetLocaleInfoW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GlobalUnlock
GlobalLock
FlushFileBuffers
SetLastError
InterlockedExchange
SwitchToThread
GetEnvironmentVariableW
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
WritePrivateProfileStringW
WritePrivateProfileStructW
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
QueryPerformanceCounter
IsBadWritePtr
VerSetConditionMask
VerifyVersionInfoW
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
OpenEventW
GetModuleHandleW
RemoveDirectoryW
GetLongPathNameW
RaiseException
SetEndOfFile
WriteFile
DeleteFileW
WaitForSingleObject
CreateFileW
GetFileSize
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
FindNextFileW
FindClose
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
GetLocaleInfoA
GetACP
EncodePointer
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpiW
LocalFree
OpenProcess
lstrlenW
CreateProcessW
GetProcAddress
GetSystemDirectoryW
LoadLibraryW
GetLastError
GlobalAlloc
GetCurrentProcess
GlobalFree
FreeLibrary
CloseHandle
GetVersionExW
WriteConsoleW
SetEnvironmentVariableA
GetStringTypeW
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetTimeZoneInformation
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
HeapReAlloc
HeapDestroy
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
GetFileAttributesW
IsBadReadPtr
LocalAlloc
GetModuleFileNameW
SetEnvironmentVariableW
GetUserDefaultLCID
InterlockedCompareExchange
Sleep
VirtualQuery
GetTickCount
GetCurrentThreadId
ReadFile
GetCurrentProcessId
CompareStringW
GetDateFormatA
GetTimeFormatA
GetCPInfo
LCMapStringW
GetCommandLineA
DecodePointer

user32

DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
LoadBitmapW
LoadIconW
PostMessageW
LoadStringW
wsprintfW
FindWindowW
LoadImageW

advapi32

RegQueryInfoKeyW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
DeleteAce
SetSecurityDescriptorControl
SetFileSecurityW
GetExplicitEntriesFromAclW
GetFileSecurityW
GetSecurityDescriptorDacl
GetAclInformation
GetAce
QueryServiceConfigW
QueryServiceStatusEx
StartServiceW
ControlService
QueryServiceStatus
DeleteService
RegEnumValueW
GetSecurityDescriptorControl
RegCreateKeyExA
RegDeleteKeyW
RegSetValueExA
OpenSCManagerW
LockServiceDatabase
OpenServiceW
QueryServiceConfig2W
ChangeServiceConfig2W
CloseServiceHandle
UnlockServiceDatabase
RegEnumKeyExA
RegDeleteValueA
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTokenInformation
AllocateAndInitializeSid
EqualSid
OpenProcessToken
FreeSid

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
SHCreateDirectoryExW

ole32

CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CoGetClassObject
StringFromGUID2
CoInitialize
CLSIDFromString
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
CreateDispTypeInfo
CreateStdDispatch
SysStringByteLen
VariantChangeTypeEx
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

SHDeleteKeyW
PathAppendW
SHCopyKeyW
PathFileExistsW
SHStrDupW

crypt32

CryptMsgClose
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CertGetCertificateContextProperty
CryptDecodeObject
CryptMsgGetParam
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertGetSubjectCertificateFromStore
CryptQueryObject
CertFreeCertificateChain

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

Exports

Exports

ConditionHandlerAppEntitlement
CreateShortCuts
CreateVSOScheduledScanTask
DetectIncompatible
DllFUFunction
DllInstallFunction
DllPreUninstall
DllSrvFunction
DllUninstallFunction
DllUpgradeFunction
McGetMSCInstaller
NoUIUninstallRemoveMSCRegKey
OnFreeLibrary
PostInstall
PreInstall
RefreshPackageInfoAndShortcut
RemoveMPSLogTemplates
RemoveProductsStatus
StartApplication
SubmitProductsStatus
UninstallIncompatible
UpdateTaskNextRunTime
WriteRTLFlag

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MSC/Reg_Win2K_MSC_6_0.txt
$1/MSC/Reg_Win98_MSC_6_0.txt
$1/MSC/ReleaseNotes.txt
$1/MSC/filelist70.txt
$1/MSC/master.ini
$1/MSC/mcmsc.ini
$1/MSC/mcmsc7.ini
$1/MSC/msc.ini
$1/MSC/msc6.ini
$1/MSC/mscclnup.dll
.dll windows:5 windows x86 arch:x86

fee0b08f3f0c4814ecd5407a209185f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:be:8b:1f:57:dc:70:66:14:a3:04:6b:2f:cf:af:33:d2:da:9d:f3
Signer

Actual PE Digest

ef:be:8b:1f:57:dc:70:66:14:a3:04:6b:2f:cf:af:33:d2:da:9d:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Team_MSC_1\SecurityCenter\pkg\cleanup\mscclnup\Release\mscclnup.pdb

Imports

wintrust

WinVerifyTrust

kernel32

IsBadReadPtr
SystemTimeToFileTime
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
LoadLibraryW
GetProcAddress
GetLastError
FreeLibrary
GetVersionExW
InterlockedCompareExchange
SwitchToThread
WriteConsoleW
SetStdHandle
RaiseException
GetConsoleMode
GetConsoleCP
SetFilePointer
Sleep
InterlockedExchange
LoadLibraryExW
SetLastError
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
OutputDebugStringW
GetModuleFileNameW
CreateFileW
GetCurrentProcessId
GetCommandLineA
GetCurrentThreadId
DecodePointer
FlushFileBuffers
EncodePointer
RtlUnwind
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
IsProcessorFeaturePresent
WriteFile
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection

advapi32

RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

crypt32

CertGetCertificateContextProperty
CertGetNameStringW
CryptDecodeObject
CertFreeCertificateContext
CertFreeCertificateChain
CryptMsgClose
CryptMsgGetParam
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertGetSubjectCertificateFromStore
CertCloseStore
CryptQueryObject

Exports

Exports

RemoveMSCDesktopShortcut
StopMcAgentEXE

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/MSC/reglist70.txt
$1/MSC/reglist7064.txt
$1/MSHR/Files_Win2K_SHRED_5_0.txt
$1/MSHR/Files_Win2K_SHRED_6_0.txt
$1/MSHR/Files_Win2K_SHR_5_0.txt
$1/MSHR/Files_Win98_SHRED_5_0.txt
$1/MSHR/Files_Win98_SHRED_6_0.txt
$1/MSHR/Files_Win98_SHR_5_0.txt
$1/MSHR/Reg_Win2K_SHRED_5_0.txt
$1/MSHR/Reg_Win2K_SHRED_6_0.txt
$1/MSHR/Reg_Win2K_SHR_5_0.txt
$1/MSHR/Reg_Win98_SHRED_5_0.txt
$1/MSHR/Reg_Win98_SHRED_6_0.txt
$1/MSHR/Reg_Win98_SHR_5_0.txt
$1/MSHR/depend.ini
$1/MSHR/master.ini
$1/MSHR/shr5.ini
$1/MSHR/shred.ini
$1/MSHR/shred6.ini
$1/MSK/Depend.ini
$1/MSK/dummy.ini
$1/MSK/master.ini
$1/MSK/msc.ini
$1/MSK/msk.ini
$1/MSK/msk100.ini
$1/MSK/msk110.ini
$1/MSK/msk120.ini
$1/MSK/msk130.ini
$1/MSK/msk61.ini
$1/MSK/msk70.ini
$1/MSK/msk80.ini
$1/MSK/msk90.ini
$1/MSK/msk_100_regkeylist.txt
$1/MSK/msk_110_regkeylist.txt
$1/MSK/msk_120_regkeylist.txt
$1/MSK/msk_130_regkeylist.txt
$1/MSK/msk_61_regkeylist.txt
$1/MSK/msk_70_regkeylist.txt
$1/MSK/msk_80_regkeylist.txt
$1/MSK/msk_90_regkeylist.txt
$1/MSK/msk_files_100.txt
$1/MSK/msk_files_110.txt
$1/MSK/msk_files_120.txt
$1/MSK/msk_files_130.txt
$1/MSK/msk_files_61.txt
$1/MSK/msk_files_70.txt
$1/MSK/msk_files_80.txt
$1/MSK/msk_files_90.txt
$1/MSK/mskcu.ini
$1/MSK/mskcu1.ini
$1/MSK/project.info
$1/MSK/unregplg.bat
$1/MSKCleanUP.wse
$1/MWL/master.ini
$1/MWL/mwl.ini
$1/MWL/mwl20.ini
$1/MWL/mwl_20_files.txt
$1/MWL/mwl_20_regkeylist.txt
$1/MWL/project.info
$1/MXD/FileList.txt
$1/MXD/RegKeyList.txt
$1/MXD/mxd.ini
$1/MXD/mxd15.ini
$1/MasCleanUP.wse
$1/McClnUI.exe
.exe windows:6 windows x86 arch:x86

979dd30e6f04fff503bd2c4783d6f3a4

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:3f:89:61:67:d8:0b:00:b2:c0:27:f6:35:98:d3:1b:1c:24:ca:9c:63:ac:12:6d:31:45:3c:8c:30:32:c5:7b
Signer

Actual PE Digest

d8:3f:89:61:67:d8:0b:00:b2:c0:27:f6:35:98:d3:1b:1c:24:ca:9c:63:ac:12:6d:31:45:3c:8c:30:32:c5:7b

Digest Algorithm

sha256

PE Digest Matches

true

d8:3f:89:61:67:d8:0b:00:b2:c0:27:f6:35:98:d3:1b:1c:24:ca:9c:63:ac:12:6d:31:45:3c:8c:30:32:c5:7b
Signer

Actual PE Digest

d8:3f:89:61:67:d8:0b:00:b2:c0:27:f6:35:98:d3:1b:1c:24:ca:9c:63:ac:12:6d:31:45:3c:8c:30:32:c5:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\B\T\cf3a508b-ac92-488b-86c3-1b2e101b9c5a\build\Win32\Release\McClnUI.pdb

Imports

crypt32

CryptBinaryToStringW
CryptMsgOpenToDecode
CryptMsgUpdate
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertGetSubjectCertificateFromStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CertGetCertificateChain

wintrust

WinVerifyTrust

psapi

GetModuleFileNameExW
GetModuleInformation
EnumProcessModules

kernel32

ProcessIdToSessionId
WritePrivateProfileStringW
WritePrivateProfileStructW
GetWindowsDirectoryW
GetComputerNameW
GetSystemDefaultLocaleName
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GetFileSizeEx
MapViewOfFile
WaitForSingleObjectEx
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
FormatMessageA
QueryPerformanceCounter
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
TryEnterCriticalSection
DeviceIoControl
GlobalMemoryStatusEx
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateThread
GlobalFindAtomW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAddAtomW
GetSystemInfo
MoveFileW
ReplaceFileW
SetFileAttributesA
GetTempFileNameA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
WriteConsoleW
GetStdHandle
VirtualAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoEx
GetCPInfo
CompareStringEx
GetLongPathNameW
GetTickCount
VirtualQuery
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetCurrentProcessId
CreateMutexW
ReleaseMutex
OutputDebugStringW
SetFilePointer
GetCurrentThreadId
CopyFileW
CreateFileW
lstrlenW
GetModuleHandleExW
GlobalAlloc
GetSystemDirectoryW
InitializeCriticalSection
GetExitCodeProcess
MoveFileExW
IsWow64Process
GetGeoInfoW
GetUserGeoID
GlobalFree
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
VerifyVersionInfoW
VerSetConditionMask
SetLastError
LoadLibraryExW
ExpandEnvironmentStringsW
WideCharToMultiByte
WriteFile
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeW
ResetEvent
CreateEventW
Sleep
CreateProcessW
K32GetModuleBaseNameW
K32EnumProcessModules
OpenProcess
K32EnumProcesses
GetCurrentProcess
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetUserDefaultLCID
GetProcessHeap
FormatMessageW
GetEnvironmentVariableW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
ReadFile
FreeLibrary
GetModuleFileNameW
WaitForSingleObject
SetEvent
CloseHandle
LoadLibraryW
DecodePointer
GetProcAddress
GetModuleHandleW
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
LocalFree
LocalAlloc
LCMapStringEx
EncodePointer
IsProcessorFeaturePresent
GetFileInformationByHandleEx
SetFilePointerEx
SetFileInformationByHandle
GetFileInformationByHandle
FindFirstFileExW
GetExitCodeThread
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceComplete
InitOnceBeginInitialize
QueryPerformanceFrequency
GetStringTypeW
LoadLibraryExA
VirtualProtect
GetFileSize

user32

MsgWaitForMultipleObjects
GetDC
ReleaseDC
LoadStringW
GetMessageW
DispatchMessageW
UnregisterClassW
TranslateMessage
LoadBitmapW
LoadIconW
DialogBoxParamW
PtInRect
MessageBoxW
LoadAcceleratorsW
TranslateAcceleratorW
IsDialogMessageW
LoadCursorW
RegisterClassExW
GetClientRect
GetDesktopWindow
CreateWindowExW
ShowWindow
UpdateWindow
GetWindowLongW
SetWindowLongW
InvalidateRect
SetWindowPos
SendMessageW
GetDlgItem
SetWindowTextW
MapWindowPoints
PostMessageW
SetTimer
SetLayeredWindowAttributes
BeginPaint
EndPaint
GetCursorPos
ScreenToClient
SetCursor
SetDlgItemTextW
SendDlgItemMessageW
GetWindowRect
CreateDialogParamW
DefWindowProcW
PostQuitMessage
GetDlgItemTextW
DestroyWindow
RedrawWindow
EnableWindow
GetDlgCtrlID
EndDialog
KillTimer
MsgWaitForMultipleObjectsEx
PeekMessageW
GetParent

gdi32

SetBkColor
GetStockObject
SetBkMode
GetObjectW
SelectObject
BitBlt
CreateCompatibleDC
DeleteDC
CreateFontW
CreateBitmap
DeleteObject

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
CreateProcessAsUserW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptGetHashParam
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RevertToSelf
ImpersonateLoggedOnUser
RegQueryInfoKeyW
RegEnumValueW
EventWriteTransfer
EventUnregister
EventRegister
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent
RegSetValueExW
RegSetKeySecurity
RegNotifyChangeKeyValue
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
EqualSid
GetTokenInformation
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetKnownFolderPath
SHGetFolderPathW
ShellExecuteW

ole32

CLSIDFromString
CoCreateGuid
CLSIDFromProgID
StringFromGUID2
StringFromCLSID
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject
CoGetPSClsid
CoSetProxyBlanket

oleaut32

VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathAddExtensionA
PathRemoveFileSpecA
SHDeleteKeyW
PathFileExistsW
PathFileExistsA
StrTrimW
StrRChrW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveExtensionA
PathStripToRootW
PathAppendW

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
accept
bind
listen
connect
ioctlsocket
recv
recvfrom
getsockopt
htons
freeaddrinfo
inet_ntop
inet_pton
setsockopt
getpeername
getnameinfo
gethostname
getsockname
select
getaddrinfo
getservbyport
getservbyname
send
sendto
shutdown
socket
closesocket
getprotobyname
getprotobynumber

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiEnumDeviceInterfaces

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/McProxy/McProxy1.ini
$1/McProxy/McProxy4.ini
$1/McProxy/McProxy_uninst.ini
$1/McProxy/RegKeyList_McProxy1.txt
$1/McProxy/RegKeyList_McProxy4.txt
$1/McProxy/depend.ini
$1/McProxy/master.ini
$1/McSvcHost/master.ini
$1/McSvcHost/mcsvhost.ini
$1/McSvcHost/mcsvhost10.ini
$1/McSvcHost/mcsvhost_10_files.txt
$1/McSvcHost/mcsvhost_10_regkeylist.txt
$1/McSvcHost/project.info
$1/Mpf/MPFP_FileList.txt
$1/Mpf/MPFP_RegKeyList.txt
$1/Mpf/MPFP_RegKeyList11.txt
$1/Mpf/MPFP_RegKeyList13.txt
$1/Mpf/MPFP_RegKeyList_NetBTDependency.txt
$1/Mpf/depend.ini
$1/Mpf/firesvc.exe
.exe windows:6 windows x86 arch:x86

df4ddaa445e637b13b0e771e0fec6ffc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:7c:d2:1a:05:d3:4d:3d:df:aa:91:28:52:1c:f4:fc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/07/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:85:a6:08:fb:d8:58:eb:44:71:a0:22:cc:e7:6b:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/08/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

29:b5:bf:84:3d:bc:40:c9:a7:41:be:2e:f6:05:5c:8c:c6:27:ee:79:00:8a:1e:df:13:2e:32:4c:04:8e:39:67
Signer

Actual PE Digest

29:b5:bf:84:3d:bc:40:c9:a7:41:be:2e:f6:05:5c:8c:c6:27:ee:79:00:8a:1e:df:13:2e:32:4c:04:8e:39:67

Digest Algorithm

sha256

PE Digest Matches

true

aa:74:aa:aa:06:92:df:ff:d6:f1:76:05:1c:d9:a0:f4:fe:42:f8:e1
Signer

Actual PE Digest

aa:74:aa:aa:06:92:df:ff:d6:f1:76:05:1c:d9:a0:f4:fe:42:f8:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildEngineSpace\Temp\739ccb56-46ea-4790-92db-afe0e861e6af\build\Win32\Release\firesvc.pdb

Imports

kernel32

HeapFree
GetModuleFileNameW
InitializeCriticalSectionEx
GetSystemDirectoryW
HeapSize
GetLastError
DeleteFileW
HeapReAlloc
RaiseException
LoadLibraryW
HeapAlloc
DecodePointer
GetProcAddress
MoveFileExW
DeleteCriticalSection
GetProcessHeap
FreeLibrary
CopyFileW
GetModuleHandleW
LoadLibraryExW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileType
SetStdHandle
GetStringTypeW
CreateFileW

shlwapi

PathRemoveFileSpecW
PathAppendW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/Mpf/firesvc64.exe
.exe windows:6 windows x64 arch:x64

8476af8211a6be9d7ded394f65a4ed52

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:7c:d2:1a:05:d3:4d:3d:df:aa:91:28:52:1c:f4:fc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/07/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:85:a6:08:fb:d8:58:eb:44:71:a0:22:cc:e7:6b:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/08/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:61:ce:f1:3f:a6:01:ac:6d:2c:17:bc:c4:75:f1:c2:c4:8d:45:6f:d6:56:4b:c6:dd:2a:37:2d:f5:68:04:c4
Signer

Actual PE Digest

0e:61:ce:f1:3f:a6:01:ac:6d:2c:17:bc:c4:75:f1:c2:c4:8d:45:6f:d6:56:4b:c6:dd:2a:37:2d:f5:68:04:c4

Digest Algorithm

sha256

PE Digest Matches

true

4c:3a:db:5b:b6:fa:6a:2e:24:74:56:03:5b:29:5d:13:ea:ae:f1:57
Signer

Actual PE Digest

4c:3a:db:5b:b6:fa:6a:2e:24:74:56:03:5b:29:5d:13:ea:ae:f1:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BuildEngineSpace\Temp\739ccb56-46ea-4790-92db-afe0e861e6af\UNIQUE_BUILDFOLDER_1\build\x64\Release\firesvc.pdb

Imports

kernel32

HeapFree
GetModuleFileNameW
InitializeCriticalSectionEx
GetSystemDirectoryW
HeapSize
GetLastError
DeleteFileW
HeapReAlloc
RaiseException
LoadLibraryW
HeapAlloc
GetProcAddress
MoveFileExW
DeleteCriticalSection
GetProcessHeap
FreeLibrary
CopyFileW
GetModuleHandleW
LoadLibraryExW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileType
SetStdHandle
GetStringTypeW
CreateFileW

shlwapi

PathRemoveFileSpecW
PathAppendW

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/Mpf/master.ini
$1/Mpf/mpf11.ini
$1/Mpf/mpf13.ini
$1/Mpf/mpfp.ini
$1/Mpf/mpfp1.ini
$1/Mpf/mpfp2.ini
$1/Mpf/mpfpcu.ini
$1/Mpf/mpfpcu1.ini
$1/Mpf/msc.ini
$1/Mpf/msc1.ini
$1/Mpf/project.info
$1/MpfCleanUP.wse
$1/NMC/master.ini
$1/NMC/nmc.ini
$1/NMC/nmc10.ini
$1/NMC/nmc_10_files.txt
$1/NMC/nmc_10_regkeylist.txt
$1/NMC/project.info
$1/PCB/pcb.ini
$1/PCB/pcb1.ini
$1/PEF/RegKeyList.txt
$1/PEF/pef.ini
$1/PEF/pef1.ini
$1/RESIDUE/RegKeyList_ForceRemove.txt
$1/RESIDUE/RegKeyList_ResidueSVC.txt
$1/RESIDUE/RegKeyList_ResidueSVC_wss.txt
$1/RESIDUE/RegKeyList_Trace.txt
$1/RESIDUE/residue.ini
$1/RESIDUE/residueflist.txt
$1/RESIDUE/residuesvc.ini
$1/RedirSvc/RedirSvc1.ini
$1/RedirSvc/RedirSvc_uninst.ini
$1/RedirSvc/RegKeyList_RedirSvc1.txt
$1/RedirSvc/depend.ini
$1/RedirSvc/master.ini
$1/Remediation/remedi.ini
$1/Remediation/remedi8.ini
$1/SafeConnect/FileList.txt
$1/SafeConnect/RegKeyList.txt
$1/SafeConnect/SafeConnect.ini
$1/SafeConnect/SafeConnect10.ini
$1/SafeConnect/clean_safeconnect.bat
$1/SafeConnect/master.ini
$1/SafeFamily/MFSY.ini
$1/SafeFamily/MFSY1.ini
$1/Silent_VsCleanUP.wse
$1/StartCleanup.bat
$1/StartCleanupDebug.bat
$1/StopServices/stopservices.ini
$1/StopServices/stopservices1.ini
$1/Sustainability/RegKeyList.txt
$1/Sustainability/Sustainability.ini
$1/Sustainability/Sustainability1.ini
$1/Symlink/RegKeyList.txt
$1/Symlink/Symlink.ini
$1/Symlink/Symlink10.ini
$1/Symlink/master.ini
$1/TrueKey/BCARegKeyList.txt
$1/TrueKey/CSPRegKeyList.txt
$1/TrueKey/ITARegKeyList.txt
$1/TrueKey/TrueKey.ini
$1/TrueKey/TrueKey1.ini
$1/TrueKey/TrueKeyRegKeyList.txt
$1/TrueKey/YAP.ini
$1/TrueKey/YAP1.ini
$1/TrueKey/YapRegKeyList.txt
$1/VS/Casper/2.6/32/installer.exe
.exe windows:5 windows x86 arch:x86

84423f4d61c24fb9e63b80494ec26f2c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:31:7b:bb:44:20:e2:d0:e3:6e:25:12:81:93:97:c4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/04/2016, 00:00

Not After

05/04/2019, 23:59

Subject

CN=Intel Corporation,OU=ISecG Enterprise,O=Intel Corporation,POSTALCODE=95054,STREET=FM1-110+STREET=2200 Mission College Blvd,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

Issuer

CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM

Not Before

30/05/2014, 16:35

Not After

17/03/2021, 18:33

Subject

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:a1:1e:74:fc:0b:87:54:58:0f:50:95:4c:47:c9:4e:67:75:4f:28
Certificate

Issuer

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Not Before

24/04/2015, 21:46

Not After

24/04/2018, 21:46

Subject

CN=timestamp.intel.com,OU=Thales TSS ESN:E892-D055-162F+OU=Thales TSS ESN:E892-D055-162F,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:da:27:ee:02:19:10:c8:8f:06:02:db:9c:74:6a:18:4f:c0:d3:9c:47:3e:49:eb:a3:22:ce:41:52:a3:ae:ab
Signer

Actual PE Digest

0d:da:27:ee:02:19:10:c8:8f:06:02:db:9c:74:6a:18:4f:c0:d3:9c:47:3e:49:eb:a3:22:ce:41:52:a3:ae:ab

Digest Algorithm

sha256

PE Digest Matches

true

c9:fe:b4:3c:5e:55:07:9d:a3:8a:4b:b2:69:fe:ae:14:d9:36:88:cd
Signer

Actual PE Digest

c9:fe:b4:3c:5e:55:07:9d:a3:8a:4b:b2:69:fe:ae:14:d9:36:88:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD_655005\BUILD\update\av_solution\release\installer.pdb

Imports

setupapi

SetupCloseInfFile
SetupInstallServicesFromInfSectionW
SetupOpenInfFileW

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ntdll

VerSetConditionMask
RtlUnwind

kernel32

lstrlenW
SetEndOfFile
EncodePointer
GetCPInfo
IsDebuggerPresent
HeapReAlloc
CreateThread
ExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
AreFileApisANSI
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetStartupInfoW
FlushFileBuffers
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
VerifyVersionInfoW
GetFileAttributesExW
GetFullPathNameW
GetProcessHeap
HeapFree
HeapAlloc
ExpandEnvironmentStringsW
GetModuleFileNameW
OutputDebugStringW
FormatMessageA
GetSystemInfo
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
GetOverlappedResult
WriteFile
CreateNamedPipeA
ConnectNamedPipe
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetSystemDirectoryA
LoadLibraryA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
WaitForMultipleObjects
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentThread
GetExitCodeThread
CreateEventA
LoadLibraryExA
InterlockedExchange
ExitProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetFileSizeEx
MultiByteToWideChar
CreateFileW
ReadFile
InterlockedDecrement
GetVersion
IsWow64Process
IsProcessorFeaturePresent
GetVersionExW
GetCurrentProcess
GetModuleHandleA
GetTickCount
SetErrorMode
GetCommandLineW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
LockResource
Process32FirstW
MoveFileW
GetExitCodeProcess
SizeofResource
CopyFileW
OpenProcess
WaitForSingleObject
CreateProcessW
LoadResource
FindResourceW
GetDriveTypeW
CloseHandle
OpenEventW
FindNextFileW
CreateEventW
FindClose
Sleep
FindFirstFileW
GetLongPathNameW
GetModuleHandleW
DeleteFileW
WideCharToMultiByte
GetPrivateProfileStringW
LoadLibraryExW
GetNativeSystemInfo
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
DeleteCriticalSection
DecodePointer
LocalAlloc
GetProcAddress
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
GetModuleHandleExW

psapi

GetModuleFileNameExW

user32

wsprintfW
GetSystemMetrics

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
EnumerateTraceGuids
StartTraceW
EnableTrace
ControlTraceW
QueryServiceConfigW
GetServiceDisplayNameW
ChangeServiceConfigW
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAccessDeniedAceEx
FreeSid
AllocateAndInitializeSid
InitializeAcl
QueryServiceObjectSecurity
AddAccessAllowedAceEx
SetServiceObjectSecurity
OpenThreadToken
OpenProcessToken
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CopySid
GetTokenInformation
CryptExportKey
CryptGenKey
CryptGetKeyParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
RegCreateKeyExA
RegDeleteKeyA
ImpersonateLoggedOnUser
RevertToSelf
CryptAcquireContextA
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptDeriveKey
CryptSetKeyParam
CryptDecrypt
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumValueW
ControlService
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
TraceEvent

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW
ord165

shlwapi

SHDeleteKeyW
PathGetDriveNumberW
PathIsNetworkPathW
PathIsRelativeW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoCreateGuid
StringFromGUID2
CoCreateInstance

ws2_32

WSACleanup
closesocket
getsockopt
setsockopt
gethostname
ioctlsocket
send
gethostbyaddr
recv
WSASetLastError
__WSAFDIsSet
select
shutdown
WSAStringToAddressA
WSAStartup
getservbyname
inet_ntoa
gethostbyname
inet_addr
WSAEnumNetworkEvents
WSAGetLastError
connect
getservbyport
WSACreateEvent
WSACloseEvent
WSAEventSelect
ntohl
ntohs
htonl
htons
socket

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VariantInit
SysAllocString
VariantClear

wintrust

WinVerifyTrust

crypt32

CertNameToStrA
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertSetCertificateContextProperty
CertGetNameStringA
CertFindChainInStore
CertOpenSystemStoreA
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertGetIssuerCertificateFromStore
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CertCreateCertificateContext
CryptVerifyMessageSignature
CertVerifySubjectCertificateContext
CryptMsgClose

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/Casper/2.6/32/mfeavsinst.xml
$1/VS/Casper/2.6/64/installer.exe
.exe windows:5 windows x64 arch:x64

fd2a15696a4d0c9fe9dbe0c56ea446cd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:31:7b:bb:44:20:e2:d0:e3:6e:25:12:81:93:97:c4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/04/2016, 00:00

Not After

05/04/2019, 23:59

Subject

CN=Intel Corporation,OU=ISecG Enterprise,O=Intel Corporation,POSTALCODE=95054,STREET=FM1-110+STREET=2200 Mission College Blvd,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

Issuer

CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM

Not Before

30/05/2014, 16:35

Not After

17/03/2021, 18:33

Subject

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:a1:1e:74:fc:0b:87:54:58:0f:50:95:4c:47:c9:4e:67:75:4f:28
Certificate

Issuer

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Not Before

24/04/2015, 21:46

Not After

24/04/2018, 21:46

Subject

CN=timestamp.intel.com,OU=Thales TSS ESN:E892-D055-162F+OU=Thales TSS ESN:E892-D055-162F,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:50:38:69:36:46:d0:24:86:ed:8d:b7:12:c2:a8:0a:e8:fb:29:42:98:a0:8a:6f:a1:f6:c1:09:67:1b:fe:06
Signer

Actual PE Digest

11:50:38:69:36:46:d0:24:86:ed:8d:b7:12:c2:a8:0a:e8:fb:29:42:98:a0:8a:6f:a1:f6:c1:09:67:1b:fe:06

Digest Algorithm

sha256

PE Digest Matches

true

60:65:15:65:5d:48:e4:be:34:9f:2f:b3:39:25:08:81:96:ed:67:ea
Signer

Actual PE Digest

60:65:15:65:5d:48:e4:be:34:9f:2f:b3:39:25:08:81:96:ed:67:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BUILD_655006\BUILD\update\av_solution\amd64rel\installer.pdb

Imports

setupapi

SetupOpenInfFileW
SetupCloseInfFile
SetupInstallServicesFromInfSectionW

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ntdll

RtlUnwindEx
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader

kernel32

SetEndOfFile
EncodePointer
GetCPInfo
IsDebuggerPresent
HeapReAlloc
CreateThread
ExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
AreFileApisANSI
lstrlenW
GetModuleHandleExW
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetStartupInfoW
FlushFileBuffers
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
VerifyVersionInfoW
GetFileAttributesExW
GetFullPathNameW
GetCurrentProcess
GetProcessHeap
HeapFree
ExpandEnvironmentStringsW
HeapAlloc
GetModuleFileNameW
OutputDebugStringW
FormatMessageA
GetSystemInfo
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
GetOverlappedResult
WriteFile
CreateNamedPipeA
ConnectNamedPipe
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetSystemDirectoryA
LoadLibraryA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
WaitForMultipleObjects
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentThread
GetExitCodeThread
CreateEventA
LoadLibraryExA
ExitProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileSizeEx
MultiByteToWideChar
CreateFileW
ReadFile
GetVersion
IsProcessorFeaturePresent
GetVersionExW
GetModuleHandleA
GetTickCount
SetErrorMode
GetCommandLineW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
LockResource
Process32FirstW
MoveFileW
GetExitCodeProcess
SizeofResource
CopyFileW
OpenProcess
WaitForSingleObject
CreateProcessW
LoadResource
FindResourceW
GetDriveTypeW
CloseHandle
OpenEventW
FindNextFileW
CreateEventW
FindClose
Sleep
FindFirstFileW
GetLongPathNameW
GetModuleHandleW
DeleteFileW
WideCharToMultiByte
GetPrivateProfileStringW
LoadLibraryExW
GetNativeSystemInfo
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
DeleteCriticalSection
DecodePointer
LocalAlloc
GetProcAddress
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary

psapi

GetModuleFileNameExW

user32

GetSystemMetrics
wsprintfW

advapi32

RegCloseKey
GetNamedSecurityInfoW
SetNamedSecurityInfoW
EnumerateTraceGuids
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
StartTraceW
EnableTrace
ControlTraceW
QueryServiceConfigW
GetServiceDisplayNameW
ChangeServiceConfigW
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAccessDeniedAceEx
FreeSid
AllocateAndInitializeSid
InitializeAcl
QueryServiceObjectSecurity
AddAccessAllowedAceEx
SetServiceObjectSecurity
OpenThreadToken
OpenProcessToken
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CopySid
GetTokenInformation
CryptExportKey
CryptGenKey
CryptGetKeyParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
RegCreateKeyExA
RegDeleteKeyA
ImpersonateLoggedOnUser
RevertToSelf
CryptAcquireContextA
CryptImportKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDeriveKey
CryptSetKeyParam
CryptDecrypt
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumValueW
ControlService
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
TraceEvent

shell32

SHFileOperationW
SHGetFolderPathW
ord165
SHCreateDirectoryExW

shlwapi

PathIsNetworkPathW
PathIsRelativeW
SHDeleteKeyW
PathGetDriveNumberW

ole32

StringFromCLSID
CoCreateGuid
CLSIDFromString
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize

ws2_32

gethostbyaddr
getservbyport
WSASetLastError
WSACleanup
closesocket
getsockopt
setsockopt
socket
ioctlsocket
send
recv
getservbyname
connect
WSACreateEvent
select
shutdown
WSACloseEvent
WSAEventSelect
ntohl
ntohs
htonl
htons
gethostname
WSAStringToAddressA
gethostbyname
inet_ntoa
WSAStartup
inet_addr
WSAEnumNetworkEvents
WSAGetLastError
__WSAFDIsSet

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VariantInit
SysAllocString
VariantClear

wintrust

WinVerifyTrust

crypt32

CryptVerifyMessageSignature
CertVerifySubjectCertificateContext
CertGetIssuerCertificateFromStore
CertNameToStrA
CertFreeCertificateChain
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertSetCertificateContextProperty
CertGetNameStringA
CertFindChainInStore
CertOpenSystemStoreA
CertCreateCertificateContext
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/Casper/2.6/64/mfeavsinst.xml
$1/VS/Casper/latest/32/mfeamcin.exe
.exe windows:5 windows x86 arch:x86

5553d42d102df7e3ac059fba9ed73bf2

Code Sign

63:85:a6:08:fb:d8:58:eb:44:71:a0:22:cc:e7:6b:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/08/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

da:6e:88:13:1a:19:8f:bf:d5:1d:94:e5:e4:c3:1a:bc:2a:d3:a8:f4:4b:01:4a:49:a0:12:58:62:c4:47:f8:77
Signer

Actual PE Digest

da:6e:88:13:1a:19:8f:bf:d5:1d:94:e5:e4:c3:1a:bc:2a:d3:a8:f4:4b:01:4a:49:a0:12:58:62:c4:47:f8:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD_693644\BUILD\update\av_solution\release\mfeamcin.pdb

Imports

setupapi

SetupCloseInfFile
SetupInstallServicesFromInfSectionW
SetupOpenInfFileW

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ntdll

VerSetConditionMask
RtlUnwind

kernel32

lstrlenW
SetEndOfFile
EncodePointer
GetCPInfo
IsDebuggerPresent
HeapReAlloc
CreateThread
ExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
AreFileApisANSI
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetStartupInfoW
FlushFileBuffers
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
GetFileAttributesExW
GetFullPathNameW
GetProcessHeap
HeapFree
HeapAlloc
GetModuleFileNameW
OutputDebugStringW
ExpandEnvironmentStringsW
FormatMessageA
GetSystemInfo
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
GetOverlappedResult
WriteFile
CreateNamedPipeA
ConnectNamedPipe
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetSystemDirectoryA
LoadLibraryA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
WaitForMultipleObjects
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentThread
GetExitCodeThread
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryExA
InterlockedExchange
VerifyVersionInfoW
ExitProcess
SetLastError
GetFileSizeEx
MultiByteToWideChar
CreateFileW
ReadFile
InterlockedIncrement
InterlockedDecrement
GetVersion
IsWow64Process
IsProcessorFeaturePresent
GetVersionExW
GetCurrentProcess
GetModuleHandleA
GetTickCount
SetErrorMode
GetCommandLineW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
LockResource
Process32FirstW
MoveFileW
GetExitCodeProcess
SizeofResource
CopyFileW
OpenProcess
WaitForSingleObject
CreateProcessW
LoadResource
FindResourceW
GetDriveTypeW
CloseHandle
OpenEventW
FindNextFileW
CreateEventW
FindClose
Sleep
FindFirstFileW
GetLongPathNameW
GetModuleHandleW
DeleteFileW
WideCharToMultiByte
GetPrivateProfileStringW
LoadLibraryExW
GetNativeSystemInfo
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
DeleteCriticalSection
DecodePointer
LocalAlloc
GetProcAddress
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
GetModuleHandleExW

psapi

GetModuleFileNameExW

user32

wsprintfW
GetSystemMetrics

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
EnumerateTraceGuids
StartTraceW
EnableTrace
ControlTraceW
QueryServiceConfigW
GetServiceDisplayNameW
ChangeServiceConfigW
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAccessDeniedAceEx
FreeSid
AllocateAndInitializeSid
InitializeAcl
QueryServiceObjectSecurity
AddAccessAllowedAceEx
SetServiceObjectSecurity
OpenThreadToken
OpenProcessToken
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CopySid
GetTokenInformation
CryptExportKey
CryptGenKey
CryptGetKeyParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
RegCreateKeyExA
RegDeleteKeyA
ImpersonateLoggedOnUser
RevertToSelf
CryptAcquireContextA
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptDeriveKey
CryptSetKeyParam
CryptDecrypt
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumValueW
ControlService
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
TraceEvent

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW
ord165

shlwapi

SHDeleteKeyW
PathGetDriveNumberW
PathIsNetworkPathW
PathIsRelativeW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoCreateGuid
StringFromGUID2
CoCreateInstance

ws2_32

WSACleanup
closesocket
getsockopt
setsockopt
gethostname
ioctlsocket
send
gethostbyaddr
recv
WSASetLastError
__WSAFDIsSet
select
shutdown
WSAStringToAddressA
WSAStartup
getservbyname
inet_ntoa
gethostbyname
inet_addr
WSAEnumNetworkEvents
WSAGetLastError
connect
getservbyport
WSACreateEvent
WSACloseEvent
WSAEventSelect
ntohl
ntohs
htonl
htons
socket

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VariantInit
SysAllocString
VariantClear

wintrust

WinVerifyTrust

crypt32

CertNameToStrA
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertSetCertificateContextProperty
CertGetNameStringA
CertFindChainInStore
CertOpenSystemStoreA
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertGetIssuerCertificateFromStore
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CertCreateCertificateContext
CryptVerifyMessageSignature
CertVerifySubjectCertificateContext
CryptMsgClose

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/Casper/latest/32/mfeavsinst.xml
$1/VS/Casper/latest/32/mfeavsinst_lam.xml
$1/VS/Casper/latest/64/mfeamcin.exe
.exe windows:5 windows x64 arch:x64

23f9e55579a0736567178af39e5045af

Code Sign

63:85:a6:08:fb:d8:58:eb:44:71:a0:22:cc:e7:6b:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/08/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:3e:df:89:bc:e0:57:b8:ba:f4:23:a6:21:ea:93:bb:c7:18:f2:ec:24:6d:ea:83:98:20:27:a8:d6:03:71:10
Signer

Actual PE Digest

33:3e:df:89:bc:e0:57:b8:ba:f4:23:a6:21:ea:93:bb:c7:18:f2:ec:24:6d:ea:83:98:20:27:a8:d6:03:71:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BUILD_693645\BUILD\update\av_solution\amd64rel\mfeamcin.pdb

Imports

setupapi

SetupOpenInfFileW
SetupCloseInfFile
SetupInstallServicesFromInfSectionW

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ntdll

RtlUnwindEx
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader

kernel32

lstrlenW
SetEndOfFile
EncodePointer
GetCPInfo
IsDebuggerPresent
HeapReAlloc
CreateThread
ExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
AreFileApisANSI
GetModuleHandleExW
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetStartupInfoW
FlushFileBuffers
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
GetFileAttributesExW
GetFullPathNameW
GetCurrentProcess
GetProcessHeap
HeapFree
HeapAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
OutputDebugStringW
FormatMessageA
GetSystemInfo
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
GetOverlappedResult
WriteFile
CreateNamedPipeA
ConnectNamedPipe
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetSystemDirectoryA
LoadLibraryA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
WaitForMultipleObjects
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentThread
GetExitCodeThread
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryExA
VerifyVersionInfoW
ExitProcess
SetLastError
GetFileSizeEx
MultiByteToWideChar
CreateFileW
ReadFile
GetVersion
IsProcessorFeaturePresent
GetVersionExW
GetModuleHandleA
GetTickCount
SetErrorMode
GetCommandLineW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
LockResource
Process32FirstW
MoveFileW
GetExitCodeProcess
SizeofResource
CopyFileW
OpenProcess
WaitForSingleObject
CreateProcessW
LoadResource
FindResourceW
GetDriveTypeW
CloseHandle
OpenEventW
FindNextFileW
CreateEventW
FindClose
Sleep
FindFirstFileW
GetLongPathNameW
GetModuleHandleW
DeleteFileW
WideCharToMultiByte
GetPrivateProfileStringW
LoadLibraryExW
GetNativeSystemInfo
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
DeleteCriticalSection
DecodePointer
LocalAlloc
GetProcAddress
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary

psapi

GetModuleFileNameExW

user32

GetSystemMetrics
wsprintfW

advapi32

RegCloseKey
GetNamedSecurityInfoW
SetNamedSecurityInfoW
EnumerateTraceGuids
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
StartTraceW
EnableTrace
ControlTraceW
QueryServiceConfigW
GetServiceDisplayNameW
ChangeServiceConfigW
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAccessDeniedAceEx
FreeSid
AllocateAndInitializeSid
InitializeAcl
QueryServiceObjectSecurity
AddAccessAllowedAceEx
SetServiceObjectSecurity
OpenThreadToken
OpenProcessToken
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CopySid
GetTokenInformation
CryptExportKey
CryptGenKey
CryptGetKeyParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
RegCreateKeyExA
RegDeleteKeyA
ImpersonateLoggedOnUser
RevertToSelf
CryptAcquireContextA
CryptImportKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDeriveKey
CryptSetKeyParam
CryptDecrypt
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumValueW
ControlService
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
TraceEvent

shell32

SHFileOperationW
SHGetFolderPathW
ord165
SHCreateDirectoryExW

shlwapi

PathIsNetworkPathW
PathIsRelativeW
SHDeleteKeyW
PathGetDriveNumberW

ole32

StringFromCLSID
CoCreateGuid
CLSIDFromString
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize

ws2_32

gethostbyaddr
getservbyport
WSASetLastError
WSACleanup
closesocket
getsockopt
setsockopt
socket
ioctlsocket
send
recv
getservbyname
connect
WSACreateEvent
select
shutdown
WSACloseEvent
WSAEventSelect
ntohl
ntohs
htonl
htons
gethostname
WSAStringToAddressA
gethostbyname
inet_ntoa
WSAStartup
inet_addr
WSAEnumNetworkEvents
WSAGetLastError
__WSAFDIsSet

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VariantInit
SysAllocString
VariantClear

wintrust

WinVerifyTrust

crypt32

CryptVerifyMessageSignature
CertVerifySubjectCertificateContext
CertGetIssuerCertificateFromStore
CertNameToStrA
CertFreeCertificateChain
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertSetCertificateContextProperty
CertGetNameStringA
CertFindChainInStore
CertOpenSystemStoreA
CertCreateCertificateContext
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/Casper/latest/64/mfeavsinst.xml
$1/VS/Casper/latest/64/mfeavsinst_lam.xml
$1/VS/ReleaseNotes.txt
$1/VS/SdOASMon.dll
.dll windows:4 windows x86 arch:x86

4f8e1fb56e1432421c0c907cb7a0e180

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\McAfee\CVS\sunsrc\build\win32\release\SdOASMon.pdb

Imports

wintrust

WinVerifyTrust

kernel32

Sleep
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrlenA
GetLastError
GetACP
GetLocaleInfoA
GetThreadLocale
GetCurrentProcessId
FindClose
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
GetShortPathNameA
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
VirtualAlloc
WriteFile
HeapSize
InterlockedExchange
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegDeleteKeyW
CloseServiceHandle
RegCloseKey
RegSetValueExW
RegOpenKeyExW

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

Exports

Exports

SdOASMon

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/10.16/MCAFEECERTS/McAfeeCerts.xml
.xml
$1/VS/VSCore/10.16/Packages/vscore/vtpinfo.exe
.exe windows:6 windows x86 arch:x86

75e8380a42d85ebe52b19873a1bfecd5

Code Sign

7b:52:e6:04:46:ec:9b:17:8e:92:9f:7c:36:15:4a:eb
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

25/02/2021, 00:00

Not After

25/02/2022, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:89:c4:13:24:8e:63:d3:a2:78:b4:ea
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

12/07/2019, 18:58

Not After

12/07/2022, 18:58

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:f3:8d:02:55:ab:48:e2:d7:27:50:2f:66:b2:59:9f:26:d2:12:05:2e:67:10:71:f5:9f:8f:e6:16:8f:e7:59
Signer

Actual PE Digest

35:f3:8d:02:55:ab:48:e2:d7:27:50:2f:66:b2:59:9f:26:d2:12:05:2e:67:10:71:f5:9f:8f:e6:16:8f:e7:59

Digest Algorithm

sha256

PE Digest Matches

true

35:f3:8d:02:55:ab:48:e2:d7:27:50:2f:66:b2:59:9f:26:d2:12:05:2e:67:10:71:f5:9f:8f:e6:16:8f:e7:59
Signer

Actual PE Digest

35:f3:8d:02:55:ab:48:e2:d7:27:50:2f:66:b2:59:9f:26:d2:12:05:2e:67:10:71:f5:9f:8f:e6:16:8f:e7:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workspace\McAfee\Corporate_Products\MPT\NA\SYSCORE\build_job\syscore\build\release_2019\bin\Release\vtpinfo.pdb

Imports

kernel32

GetCurrentDirectoryW
CreateFileW
GetFileSize
ReadFile
WriteFile
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateProcessW
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
FormatMessageA
FormatMessageW
LoadLibraryW
FileTimeToSystemTime
GetStdHandle
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
DuplicateHandle
SetErrorMode
CreatePipe
SetEvent
ResetEvent
CreateEventW
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateThread
GetCurrentThreadId
GetSystemTimeAsFileTime
CopyFileExW
MoveFileW
MoveFileExW
GetComputerNameW
SystemTimeToFileTime
FreeConsole
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
MultiByteToWideChar
GetSystemDirectoryW
GetModuleHandleW
GetCurrentThread
DeviceIoControl
GetCurrentProcessId
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
HeapSize
HeapReAlloc
DecodePointer

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/4.6/32/DAInstall.exe
.exe windows:4 windows x86 arch:x86

860d02467a6068edaa9db0fe37c0dbd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ab:56:77:88:88:64:6b:ed:da:6a:d6:d4:2e:04:b1:e0:1a:30:54:5f
Signer

Actual PE Digest

ab:56:77:88:88:64:6b:ed:da:6a:d6:d4:2e:04:b1:e0:1a:30:54:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD_440197\BUILD\VSCore\release\DAInstall.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
iswdigit
qsort
printf
towlower
?terminate@@YAXXZ
_controlfp
towupper
realloc
memmove
wcschr
_errno
_wfopen
fwprintf
vfwprintf
fclose
vwprintf
time
localtime
_wcsnicmp
swscanf
wprintf
_wcslwr
iswspace
wcsrchr
_snwprintf
_wcsicmp
wcsstr
wcsncpy
memset
malloc
free
memcpy

kernel32

GetLocalTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
DebugBreak
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
TerminateProcess
GetTickCount
GetCurrentThreadId
MoveFileW
CreateDirectoryW
SetErrorMode
CreateFileW
CloseHandle
DeviceIoControl
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetLastError
GetCurrentProcess
GetVersionExW
GetShortPathNameW
GetSystemTimeAsFileTime
MoveFileExW
RemoveDirectoryW
GetModuleFileNameW
LoadLibraryExW
FindClose
FindFirstFileW
WriteFile
SetEndOfFile
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
ReadFile
GetFileSize
FindNextFileW
lstrlenW
GetSystemDirectoryW
DeleteFileW
GetFileAttributesW
Sleep
CopyFileW
FormatMessageW
InterlockedDecrement
InterlockedCompareExchange
InterlockedIncrement

user32

LoadStringW
wsprintfW

advapi32

OpenProcessToken
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
GetTokenInformation
SetSecurityDescriptorOwner
RegGetKeySecurity
RegOpenKeyExW
RegSetKeySecurity
RegCloseKey
TraceEvent
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSidToSidW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetLengthSid
GetAclInformation
InitializeAcl
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
FreeSid
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

shell32

SHGetFolderPathW

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/4.6/32/mfeapfk.inf
$1/VS/VSCore/4.6/32/mfeavfk.inf
$1/VS/VSCore/4.6/32/mfebopk.inf
$1/VS/VSCore/4.6/32/mfefirek.inf
$1/VS/VSCore/4.6/32/mfehidin.exe
.exe windows:5 windows x86 arch:x86

bccdaa9888134cf1ca42259ef1662433

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:a3:78:a5:cd:09:9f:e8:2c:60:f9:9d:74:23:31:e4:e7:c5:5d:6a
Signer

Actual PE Digest

4b:a3:78:a5:cd:09:9f:e8:2c:60:f9:9d:74:23:31:e4:e7:c5:5d:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD_442000\BUILD\SYSCore\release\mfehidin.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupCloseInfFile
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupOpenInfFileW
SetupInitDefaultQueueCallbackEx
SetupFindNextLine
SetupCopyOEMInfW
SetupDefaultQueueCallbackW
SetupFindFirstLineW
SetupGetStringFieldW

cabinet

ord23
ord20
ord22

kernel32

InterlockedIncrement
InterlockedDecrement
SetErrorMode
GetStdHandle
SetEndOfFile
CreateDirectoryW
GetCurrentDirectoryW
MoveFileW
CopyFileExW
GetTickCount
TerminateProcess
GetSystemInfo
GetVersionExA
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsSetValue
TlsGetValue
DebugBreak
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
GetSystemWindowsDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
GetCurrentDirectoryA
VirtualProtect
IsBadReadPtr
HeapAlloc
HeapFree
RtlUnwind
DeleteFileA
HeapReAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetModuleFileNameA
GetProcessHeap
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
LCMapStringA
MultiByteToWideChar
SetLastError
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
VirtualQuery
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTempPathA
GetTempFileNameA
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetModuleHandleW
GetWindowsDirectoryW
ReadFile
GetEnvironmentVariableW
GetLocalTime
GetCurrentThreadId
FindFirstFileW
RemoveDirectoryW
FindClose
DeleteFileW
FindNextFileW
GetSystemDirectoryW
GetModuleFileNameW
Sleep
CreateProcessW
WaitForSingleObject
GetSystemTimeAsFileTime
GetShortPathNameW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
LoadLibraryA
WideCharToMultiByte
GetFullPathNameA
DeviceIoControl
CloseHandle
CreateFileW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
SetConsoleCtrlHandler
GetCurrentProcess
GetExitCodeProcess
SetCurrentDirectoryW
GetFullPathNameW
CreateMutexW
LoadLibraryExW
GetVersionExW
CreateDirectoryA
SetFilePointer
WriteFile
LCMapStringW
CreateFileA
GetVersion
OutputDebugStringA

advapi32

CryptReleaseContext
GetExplicitEntriesFromAclW
IsValidSid
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
BuildTrusteeWithSidW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
RegEnumValueW
CryptAcquireContextW
CryptGetProvParam
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ControlService
QueryServiceStatus
StartServiceW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyW
RegSetValueW
RegOpenKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
StartTraceW
EnableTrace
ControlTraceW
TraceEvent
GetSecurityDescriptorDacl

shell32

SHGetFolderPathW

shlwapi

SHGetValueW
SHSetValueW
wnsprintfW
SHDeleteKeyW

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantInit
SysStringLen
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen

crypt32

CertOpenStore
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CryptSignMessage
CertFreeCertificateChain
CertFreeCertificateContext
CertCloseStore
CryptVerifyDetachedMessageSignature

sfc

SfcIsFileProtected

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/4.6/32/mfehidk.inf
$1/VS/VSCore/4.6/32/mfendisk.inf
$1/VS/VSCore/4.6/32/mfendisk_m.inf
$1/VS/VSCore/4.6/32/mfenlfk.inf
$1/VS/VSCore/4.6/32/mfetdi2k.inf
$1/VS/VSCore/4.6/32/mfewfpk.inf
$1/VS/VSCore/4.6/32/vscore.xml
$1/VS/VSCore/4.6/64/DAInstall.exe
.exe windows:5 windows x64 arch:x64

297a7bdeb8d026c12612658f8de81871

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:a9:61:d8:82:1f:a4:51:bf:ab:13:19:32:d2:a7:6d:3d:2d:82:3f
Signer

Actual PE Digest

52:a9:61:d8:82:1f:a4:51:bf:ab:13:19:32:d2:a7:6d:3d:2d:82:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BUILD_440197\BUILD\VSCore\amd64rel\DAInstall.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
?terminate@@YAXXZ
iswdigit
qsort
towlower
wcschr
towupper
realloc
memmove
_wfopen
fwprintf
vfwprintf
fclose
vwprintf
time
localtime
_wcsnicmp
swscanf
wprintf
_wcslwr
iswspace
wcsrchr
_snwprintf
_wcsicmp
wcsstr
wcsncpy
memset
malloc
free
__C_specific_handler
memcpy

kernel32

GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
DebugBreak
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateProcess
GetTickCount
GetCurrentThreadId
MoveFileW
GetFileAttributesW
SetErrorMode
CreateFileW
CloseHandle
DeviceIoControl
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetLastError
GetCurrentProcess
GetVersionExW
GetShortPathNameW
GetSystemTimeAsFileTime
MoveFileExW
GetModuleFileNameW
LoadLibraryExW
FindClose
FindFirstFileW
SetFilePointer
ReadFile
lstrlenW
GetSystemDirectoryW
DeleteFileW
Sleep
CopyFileW
FormatMessageW
GetLocalTime
FindNextFileW

user32

LoadStringW
wsprintfW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
GetTokenInformation
SetSecurityDescriptorOwner
RegGetKeySecurity
RegOpenKeyExW
RegSetKeySecurity
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSidToSidW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
FreeSid
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceEvent

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bldvar
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/4.6/64/mfeapfk.inf
$1/VS/VSCore/4.6/64/mfeavfk.inf
$1/VS/VSCore/4.6/64/mfefirek.inf
$1/VS/VSCore/4.6/64/mfehidin.exe
.exe windows:5 windows x64 arch:x64

5299e86d38a7ee05cf1ca5a5d99733db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:7a:9d:07:25:4c:17:66:6b:16:62:f7:72:5c:ca:52:5a:e4:7c:31
Signer

Actual PE Digest

49:7a:9d:07:25:4c:17:66:6b:16:62:f7:72:5c:ca:52:5a:e4:7c:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BUILD_442000\BUILD\SYSCore\amd64rel\mfehidin.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupOpenInfFileW
SetupInitDefaultQueueCallbackEx
SetupFindFirstLineW
SetupDefaultQueueCallbackW
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupCloseInfFile
SetupFindNextLine
SetupCopyOEMInfW
SetupGetStringFieldW

cabinet

ord23
ord20
ord22

kernel32

SetLastError
SetErrorMode
GetStdHandle
SetEndOfFile
CreateDirectoryW
GetCurrentDirectoryW
MoveFileW
CopyFileExW
GetTickCount
TerminateProcess
GetSystemInfo
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DebugBreak
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
GetSystemWindowsDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
GetVersion
GetTempPathA
VirtualProtect
IsBadReadPtr
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
DeleteFileA
HeapReAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
ExitProcess
GetModuleFileNameA
HeapSetInformation
HeapCreate
GetProcessHeap
OutputDebugStringA
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
RtlPcToFileHeader
HeapSize
GetCPInfo
GetOEMCP
GetTimeZoneInformation
LCMapStringW
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeW
GetConsoleCP
GetConsoleMode
VirtualAlloc
SetThreadStackGuarantee
VirtualQuery
FlushFileBuffers
SetStdHandle
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetTempFileNameA
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetModuleHandleW
GetWindowsDirectoryW
ReadFile
GetEnvironmentVariableW
GetLocalTime
GetCurrentThreadId
FindFirstFileW
RemoveDirectoryW
DeleteFileW
FindNextFileW
FindClose
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetModuleFileNameW
Sleep
CreateProcessW
WaitForSingleObject
GetSystemTimeAsFileTime
GetShortPathNameW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
LoadLibraryA
WideCharToMultiByte
GetFullPathNameA
DeviceIoControl
CloseHandle
CreateFileW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
GetCurrentProcess
GetExitCodeProcess
SetConsoleCtrlHandler
SetCurrentDirectoryW
GetFullPathNameW
CreateMutexW
LoadLibraryExW
GetVersionExW
CreateDirectoryA
SetFilePointer
WriteFile
CreateFileA
GetACP
GetCurrentDirectoryA

advapi32

CryptReleaseContext
GetExplicitEntriesFromAclW
IsValidSid
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
BuildTrusteeWithSidW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
RegEnumValueW
CryptAcquireContextW
CryptGetProvParam
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ControlService
QueryServiceStatus
StartServiceW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyW
RegSetValueW
RegOpenKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
StartTraceW
EnableTrace
ControlTraceW
TraceEvent
GetSecurityDescriptorDacl

shell32

SHGetFolderPathW

shlwapi

SHSetValueW
SHDeleteKeyW
wnsprintfW
SHGetValueW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VariantInit
SysStringLen

crypt32

CertOpenStore
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CryptSignMessage
CertFreeCertificateChain
CertFreeCertificateContext
CertCloseStore
CryptVerifyDetachedMessageSignature

sfc

SfcIsFileProtected

Sections

.text
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bldvar
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/4.6/64/mfehidk.inf
$1/VS/VSCore/4.6/64/mfendisk.inf
$1/VS/VSCore/4.6/64/mfendisk_m.inf
$1/VS/VSCore/4.6/64/mfenlfk.inf
$1/VS/VSCore/4.6/64/mfetdi2k.inf
$1/VS/VSCore/4.6/64/mfewfpk.inf
$1/VS/VSCore/4.6/64/vscore.xml
$1/VS/VSCore/4.6/64/x86/DAInstall.exe
.exe windows:4 windows x86 arch:x86

860d02467a6068edaa9db0fe37c0dbd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ab:56:77:88:88:64:6b:ed:da:6a:d6:d4:2e:04:b1:e0:1a:30:54:5f
Signer

Actual PE Digest

ab:56:77:88:88:64:6b:ed:da:6a:d6:d4:2e:04:b1:e0:1a:30:54:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD_440197\BUILD\VSCore\release\DAInstall.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
iswdigit
qsort
printf
towlower
?terminate@@YAXXZ
_controlfp
towupper
realloc
memmove
wcschr
_errno
_wfopen
fwprintf
vfwprintf
fclose
vwprintf
time
localtime
_wcsnicmp
swscanf
wprintf
_wcslwr
iswspace
wcsrchr
_snwprintf
_wcsicmp
wcsstr
wcsncpy
memset
malloc
free
memcpy

kernel32

GetLocalTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
DebugBreak
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
TerminateProcess
GetTickCount
GetCurrentThreadId
MoveFileW
CreateDirectoryW
SetErrorMode
CreateFileW
CloseHandle
DeviceIoControl
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetLastError
GetCurrentProcess
GetVersionExW
GetShortPathNameW
GetSystemTimeAsFileTime
MoveFileExW
RemoveDirectoryW
GetModuleFileNameW
LoadLibraryExW
FindClose
FindFirstFileW
WriteFile
SetEndOfFile
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
ReadFile
GetFileSize
FindNextFileW
lstrlenW
GetSystemDirectoryW
DeleteFileW
GetFileAttributesW
Sleep
CopyFileW
FormatMessageW
InterlockedDecrement
InterlockedCompareExchange
InterlockedIncrement

user32

LoadStringW
wsprintfW

advapi32

OpenProcessToken
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
GetTokenInformation
SetSecurityDescriptorOwner
RegGetKeySecurity
RegOpenKeyExW
RegSetKeySecurity
RegCloseKey
TraceEvent
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSidToSidW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetLengthSid
GetAclInformation
InitializeAcl
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
FreeSid
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

shell32

SHGetFolderPathW

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/5.6/32/cfwids.inf
$1/VS/VSCore/5.6/32/lam10.xml
$1/VS/VSCore/5.6/32/mfeaack.inf
$1/VS/VSCore/5.6/32/mfeavfk.inf
$1/VS/VSCore/5.6/32/mfedisk.inf
$1/VS/VSCore/5.6/32/mfeelamk.inf
$1/VS/VSCore/5.6/32/mfefirek.inf
$1/VS/VSCore/5.6/32/mfehidin.exe
.exe windows:5 windows x86 arch:x86

fb1b21acb2a6c089014f2a644b8a18c9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:7c:d2:1a:05:d3:4d:3d:df:aa:91:28:52:1c:f4:fc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/07/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:85:a6:08:fb:d8:58:eb:44:71:a0:22:cc:e7:6b:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/08/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d6:cd:2b:d9:af:26:02:43:41:de:bd:22:dd:0a:91:0e:1a:ef:94:d6:02:6b:8d:05:53:0d:41:e2:57:56:07:49
Signer

Actual PE Digest

d6:cd:2b:d9:af:26:02:43:41:de:bd:22:dd:0a:91:0e:1a:ef:94:d6:02:6b:8d:05:53:0d:41:e2:57:56:07:49

Digest Algorithm

sha256

PE Digest Matches

true

24:17:78:88:91:10:08:fb:8d:dd:8e:16:41:5f:e4:96:e1:10:63:28
Signer

Actual PE Digest

24:17:78:88:91:10:08:fb:8d:dd:8e:16:41:5f:e4:96:e1:10:63:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD_682131\BUILD\SYSCore\release\mfehidin.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertCompareCertificate
CertEnumCertificatesInStore
CertAddSerializedElementToStore
CertSerializeCertificateStoreElement
CertCreateCertificateContext
CryptVerifyMessageSignature
CryptVerifyDetachedMessageSignature
CertVerifySubjectCertificateContext
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CryptSignMessage
CertFreeCertificateChain
CertDeleteCertificateFromStore

setupapi

SetupDefaultQueueCallbackW
SetupOpenInfFileW
SetupGetStringFieldW
SetupFindFirstLineW
SetupFindNextLine
SetupCopyOEMInfW
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx

cabinet

ord23
ord20
ord22

kernel32

CreateDirectoryW
SetFilePointer
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
SetCurrentDirectoryW
GetLocalTime
GetEnvironmentVariableW
MultiByteToWideChar
SetLastError
InterlockedIncrement
InterlockedDecrement
SetErrorMode
GetStdHandle
SetEndOfFile
SetEnvironmentVariableW
MoveFileW
CopyFileExW
SetEvent
GetSystemInfo
GetVersionExA
InterlockedCompareExchange
QueryDosDeviceW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileAttributesExW
GetSystemWindowsDirectoryW
GetExitCodeProcess
GetLogicalDriveStringsW
DeleteCriticalSection
GetFileSizeEx
InitializeCriticalSection
VirtualProtect
IsBadReadPtr
TlsAlloc
TlsSetValue
TlsGetValue
DebugBreak
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
HeapFree
HeapAlloc
RtlUnwind
RaiseException
DeleteFileA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
CreateMutexW
VirtualFree
VirtualAlloc
GetModuleHandleA
CreateFileA
GetModuleFileNameA
TlsFree
GetCPInfo
GetACP
GetOEMCP
OutputDebugStringA
HeapSize
WideCharToMultiByte
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
LCMapStringA
LCMapStringW
LoadLibraryExA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetCurrentThreadId
FindFirstFileW
RemoveDirectoryW
FindClose
DeleteFileW
FindNextFileW
GetCurrentProcess
GetModuleHandleW
CreateFileW
DeviceIoControl
GetSystemDirectoryW
CreateProcessW
WaitForSingleObject
CloseHandle
Sleep
GetSystemTimeAsFileTime
GetShortPathNameW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
LoadLibraryA
GetFullPathNameW
LoadLibraryW
LocalAlloc
LocalFree
GetCurrentDirectoryW
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
GetVersionExW
GetCurrentDirectoryA
GetTempPathA
GetFileAttributesExA
GetTempFileNameA
FileTimeToDosDateTime
GetWindowsDirectoryW
ReadFile
FlushFileBuffers
GetCurrentProcessId
SetConsoleCtrlHandler
GetCommandLineW
FindResourceW
LoadResource
SizeofResource
LockResource
GetTempPathW
WriteFile
ExitProcess
ReleaseMutex
EnterCriticalSection
HeapCreate

user32

wsprintfW

advapi32

EnableTrace
QueryServiceStatusEx
CryptCreateHash
ControlTraceW
EnumerateTraceGuids
GetSecurityDescriptorDacl
GetExplicitEntriesFromAclW
IsValidSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EqualSid
BuildTrusteeWithSidW
SetEntriesInAclW
FreeSid
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGetProvParam
AllocateAndInitializeSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
ControlService
RegQueryInfoKeyW
RegEnumKeyExW
ChangeServiceConfig2W
CreateServiceW
ChangeServiceConfigW
RegFlushKey
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueW
RegSetValueExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCreateKeyW
RegSetValueW
OpenServiceW
QueryServiceStatus
StartServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
TraceEvent
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
StartTraceW
CryptReleaseContext
QueryAllTracesW

shell32

SHGetFolderPathW

shlwapi

SHDeleteKeyW
wnsprintfW
SHSetValueW
SHGetValueW

ole32

StringFromGUID2
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysStringLen
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantInit
GetErrorInfo
SysFreeString

wintrust

CryptCATClose
WinVerifyTrust

sfc

SfcIsFileProtected

rpcrt4

UuidCreate
UuidFromStringW

Sections

.text
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/5.6/32/mfehidk.inf
$1/VS/VSCore/5.6/32/mfendisk.inf
$1/VS/VSCore/5.6/32/mfendisk_m.inf
$1/VS/VSCore/5.6/32/mfenlfk.inf
$1/VS/VSCore/5.6/32/mferkdet.inf
$1/VS/VSCore/5.6/32/mfetdi2k.inf
$1/VS/VSCore/5.6/32/mfewfpk.inf
$1/VS/VSCore/5.6/32/vscore.xml
$1/VS/VSCore/5.6/64/cfwids.inf
$1/VS/VSCore/5.6/64/lam10.xml
$1/VS/VSCore/5.6/64/mfeaack.inf
$1/VS/VSCore/5.6/64/mfeavfk.inf
$1/VS/VSCore/5.6/64/mfedisk.inf
$1/VS/VSCore/5.6/64/mfeelamk.inf
$1/VS/VSCore/5.6/64/mfefirek.inf
$1/VS/VSCore/5.6/64/mfehidin.exe
.exe windows:5 windows x64 arch:x64

bf6af4149f148069d7947907354f712a

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:7c:d2:1a:05:d3:4d:3d:df:aa:91:28:52:1c:f4:fc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/07/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:85:a6:08:fb:d8:58:eb:44:71:a0:22:cc:e7:6b:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/08/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c6:b0:22:77:29:ff:f2:83:7e:42:0a:e5:cc:2f:30:b6:c4:9b:fb:69:b3:50:72:15:be:83:ba:f7:0c:09:83:e0
Signer

Actual PE Digest

c6:b0:22:77:29:ff:f2:83:7e:42:0a:e5:cc:2f:30:b6:c4:9b:fb:69:b3:50:72:15:be:83:ba:f7:0c:09:83:e0

Digest Algorithm

sha256

PE Digest Matches

true

4f:cf:c9:ac:83:fb:54:8a:88:95:49:77:d1:18:d8:12:fe:75:a9:d4
Signer

Actual PE Digest

4f:cf:c9:ac:83:fb:54:8a:88:95:49:77:d1:18:d8:12:fe:75:a9:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BUILD_682131\BUILD\SYSCore\amd64rel\mfehidin.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertCompareCertificate
CertEnumCertificatesInStore
CertAddSerializedElementToStore
CertSerializeCertificateStoreElement
CertCreateCertificateContext
CryptVerifyMessageSignature
CryptVerifyDetachedMessageSignature
CertVerifySubjectCertificateContext
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CryptSignMessage
CertFreeCertificateChain
CertDeleteCertificateFromStore

setupapi

SetupInitDefaultQueueCallbackEx
SetupOpenInfFileW
SetupGetStringFieldW
SetupFindFirstLineW
SetupFindNextLine
SetupCopyOEMInfW
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupCloseInfFile
SetupDefaultQueueCallbackW

cabinet

ord23
ord20
ord22

kernel32

CreateFileA
CreateDirectoryW
SetFilePointer
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
SetCurrentDirectoryW
GetLocalTime
GetEnvironmentVariableW
MultiByteToWideChar
SetLastError
SetErrorMode
GetStdHandle
SetEndOfFile
SetEnvironmentVariableW
MoveFileW
CopyFileExW
SetEvent
GetSystemInfo
GetVersionExA
QueryDosDeviceW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileAttributesExW
GetSystemWindowsDirectoryW
EnterCriticalSection
GetLogicalDriveStringsW
CreateMutexW
DeleteCriticalSection
GetFileSizeEx
InitializeCriticalSection
VirtualProtect
IsBadReadPtr
DebugBreak
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
HeapFree
HeapAlloc
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
DeleteFileA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
RtlCaptureContext
HeapSetInformation
HeapCreate
GetCurrentDirectoryA
GetModuleFileNameA
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
OutputDebugStringA
HeapSize
WideCharToMultiByte
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
VirtualAlloc
SetThreadStackGuarantee
VirtualQuery
SetStdHandle
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
FindFirstFileW
RemoveDirectoryW
FindClose
DeleteFileW
FindNextFileW
GetCurrentProcess
GetModuleHandleW
CreateFileW
DeviceIoControl
GetSystemWow64DirectoryW
GetSystemDirectoryW
CreateProcessW
WaitForSingleObject
CloseHandle
Sleep
GetSystemTimeAsFileTime
GetShortPathNameW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
LoadLibraryA
GetFullPathNameW
LoadLibraryW
LocalAlloc
LocalFree
GetCurrentDirectoryW
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
GetVersionExW
GetTempPathA
GetTempFileNameA
FileTimeToLocalFileTime
GetFileAttributesExA
FileTimeToDosDateTime
GetWindowsDirectoryW
ReadFile
FlushFileBuffers
GetCurrentProcessId
SetConsoleCtrlHandler
GetCommandLineW
FindResourceW
LoadResource
SizeofResource
LockResource
GetTempPathW
WriteFile
ReleaseMutex
ExitProcess
GetExitCodeProcess
RtlVirtualUnwind

user32

wsprintfW

advapi32

EnableTrace
QueryServiceStatusEx
CryptCreateHash
ControlTraceW
EnumerateTraceGuids
GetSecurityDescriptorDacl
GetExplicitEntriesFromAclW
IsValidSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EqualSid
BuildTrusteeWithSidW
SetEntriesInAclW
FreeSid
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
AllocateAndInitializeSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
ControlService
RegQueryInfoKeyW
RegEnumKeyExW
ChangeServiceConfig2W
CreateServiceW
ChangeServiceConfigW
RegFlushKey
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueW
RegSetValueExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCreateKeyW
RegSetValueW
OpenServiceW
QueryServiceStatus
StartServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
TraceEvent
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
StartTraceW
CryptReleaseContext
CryptGetProvParam
QueryAllTracesW

shell32

SHGetFolderPathW

shlwapi

SHDeleteKeyW
wnsprintfW
SHSetValueW
SHGetValueW

ole32

StringFromGUID2
CoInitialize
CoCreateInstance

oleaut32

GetErrorInfo
SysAllocString
SysStringLen
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantInit
SysFreeString

wintrust

CryptCATClose
WinVerifyTrust

sfc

SfcIsFileProtected

rpcrt4

UuidFromStringW
UuidCreate

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bldvar
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/5.6/64/mfehidk.inf
$1/VS/VSCore/5.6/64/mfendisk.inf
$1/VS/VSCore/5.6/64/mfendisk_m.inf
$1/VS/VSCore/5.6/64/mfenlfk.inf
$1/VS/VSCore/5.6/64/mferkdet.inf
$1/VS/VSCore/5.6/64/mfetdi2k.inf
$1/VS/VSCore/5.6/64/mfewfpk.inf
$1/VS/VSCore/5.6/64/vscore.xml
$1/VS/VSCore/latest/32/cfwids.inf
$1/VS/VSCore/latest/32/guids.xml
$1/VS/VSCore/latest/32/mfeaack.inf
$1/VS/VSCore/latest/32/mfeaacsk.inf
$1/VS/VSCore/latest/32/mfeavfk.inf
$1/VS/VSCore/latest/32/mfebopk.inf
$1/VS/VSCore/latest/32/mfeclftk.inf
$1/VS/VSCore/latest/32/mfedisk.inf
$1/VS/VSCore/latest/32/mfeelamk.inf
$1/VS/VSCore/latest/32/mfefirek.inf
$1/VS/VSCore/latest/32/mfehck.inf
$1/VS/VSCore/latest/32/mfehidin.exe
.exe windows:5 windows x86 arch:x86

69bcfb17baab5873df0176492121369b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD_956429\BUILD\SYSCore\release\mfehidin.pdb

Imports

setupapi

SetupCloseInfFile
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupInitDefaultQueueCallbackEx
SetupOpenInfFileW
SetupGetStringFieldW
SetupFindFirstLineW
SetupFindNextLine
SetupCopyOEMInfW

psapi

GetModuleFileNameExW

kernel32

FileTimeToLocalFileTime
GetFileAttributesExA
GetTempFileNameA
GetTempPathA
GetCurrentDirectoryA
CreateFileA
CreateDirectoryW
SetFilePointer
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetCurrentDirectoryW
GetLocalTime
GetEnvironmentVariableW
InterlockedCompareExchange
CreateThread
InterlockedExchange
LoadLibraryA
RaiseException
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
SetErrorMode
GetStdHandle
SetEndOfFile
SetEnvironmentVariableW
MoveFileW
CopyFileExW
CreateEventW
SetEvent
SetFilePointerEx
GetSystemInfo
QueryDosDeviceW
GetLogicalDriveStringsW
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
GetSystemWindowsDirectoryW
FileTimeToDosDateTime
VirtualProtect
IsBadReadPtr
TlsAlloc
TlsSetValue
TlsGetValue
DebugBreak
TransactNamedPipe
SetNamedPipeHandleState
RtlUnwind
HeapFree
HeapAlloc
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteFileA
GetVersionExA
HeapReAlloc
TlsFree
UnhandledExceptionFilter
GetWindowsDirectoryW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
ExitProcess
GetModuleFileNameA
OutputDebugStringA
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetProcessHeap
SetStdHandle
SetHandleCount
GetStartupInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetTickCount
LCMapStringA
LCMapStringW
LoadLibraryExA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualQuery
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadFile
FlushFileBuffers
GetCurrentProcessId
SetConsoleCtrlHandler
GetCommandLineW
CreateMutexW
FindResourceW
LoadResource
SizeofResource
LockResource
GetTempPathW
WriteFile
ReleaseMutex
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleExW
GetExitCodeProcess
InitializeCriticalSection
GetCurrentThreadId
FindFirstFileW
RemoveDirectoryW
FindClose
DeleteFileW
FindNextFileW
GetCurrentDirectoryW
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
GetCurrentProcess
DeviceIoControl
GetSystemDirectoryW
GetModuleHandleW
CreateFileW
WaitNamedPipeW
OpenProcess
TerminateProcess
CreateProcessW
WaitForSingleObject
CloseHandle
Sleep
GetSystemTimeAsFileTime
GetShortPathNameW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
SetLastError
SetUnhandledExceptionFilter

user32

wsprintfW

advapi32

GetExplicitEntriesFromAclW
QueryServiceConfig2W
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
StartTraceW
EnableTrace
QueryAllTracesW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EqualSid
BuildTrusteeWithSidW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
GetSidIdentifierAuthority
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeleteService
ChangeServiceConfig2W
CreateServiceW
ChangeServiceConfigW
ControlService
RegQueryInfoKeyW
RegEnumKeyExW
RegFlushKey
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueW
RegSetValueExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
QueryServiceConfigW
QueryServiceStatus
StartServiceW
RegCreateKeyW
RegSetValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
TraceEvent
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
EnumerateTraceGuids
ControlTraceW
IsValidSid

shell32

SHGetFolderPathW

shlwapi

SHDeleteKeyW
SHSetValueW
wnsprintfW
SHGetValueW

ole32

StringFromGUID2
CoTaskMemFree
CoInitialize
CoCreateInstance
StringFromCLSID
CoCreateGuid

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocString
SysStringLen
VarBstrCat
VariantInit
GetErrorInfo
VariantClear
SysAllocStringByteLen
SysFreeString

rpcrt4

UuidCreate
UuidFromStringW

Sections

.text
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/latest/32/mfehidk.inf
$1/VS/VSCore/latest/32/mfenlfk.inf
$1/VS/VSCore/latest/32/mfeplk.inf
$1/VS/VSCore/latest/32/mferkdet.inf
$1/VS/VSCore/latest/32/mfetdi2k.inf
$1/VS/VSCore/latest/32/mfewfpk.inf
$1/VS/VSCore/latest/32/wss.xml
$1/VS/VSCore/latest/64/cfwids.inf
$1/VS/VSCore/latest/64/guids.xml
$1/VS/VSCore/latest/64/mfeaack.inf
$1/VS/VSCore/latest/64/mfeaacsk.inf
$1/VS/VSCore/latest/64/mfeavfk.inf
$1/VS/VSCore/latest/64/mfebopk.inf
$1/VS/VSCore/latest/64/mfeclftk.inf
$1/VS/VSCore/latest/64/mfedisk.inf
$1/VS/VSCore/latest/64/mfeelamk.inf
$1/VS/VSCore/latest/64/mfefirek.inf
$1/VS/VSCore/latest/64/mfehck.inf
$1/VS/VSCore/latest/64/mfehidin.exe
.exe windows:5 windows x64 arch:x64

fd1b976ad30b27d287a57d9c833435c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BUILD_956429\BUILD\SYSCore\amd64rel\mfehidin.pdb

Imports

setupapi

SetupCloseInfFile
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupInitDefaultQueueCallbackEx
SetupOpenInfFileW
SetupGetStringFieldW
SetupFindFirstLineW
SetupFindNextLine
SetupCopyOEMInfW

psapi

GetModuleFileNameExW

kernel32

FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileAttributesExA
GetTempFileNameA
GetTempPathA
GetCurrentDirectoryA
CreateFileA
CreateDirectoryW
SetFilePointer
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetCurrentDirectoryW
GetLocalTime
GetEnvironmentVariableW
CreateThread
LoadLibraryA
RaiseException
MultiByteToWideChar
SetErrorMode
GetStdHandle
SetEndOfFile
SetEnvironmentVariableW
MoveFileW
CopyFileExW
CreateEventW
SetEvent
SetFilePointerEx
GetSystemInfo
QueryDosDeviceW
GetLogicalDriveStringsW
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
IsBadReadPtr
DebugBreak
TransactNamedPipe
SetNamedPipeHandleState
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
RtlPcToFileHeader
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteFileA
GetVersionExW
HeapReAlloc
EncodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
HeapCreate
ExitProcess
GetModuleFileNameA
OutputDebugStringA
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetProcessHeap
SetStdHandle
SetHandleCount
GetStartupInfoW
WriteConsoleW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
LCMapStringW
GetStringTypeW
VirtualAlloc
SetThreadStackGuarantee
VirtualQuery
CompareStringW
SetEnvironmentVariableA
ReadFile
FlushFileBuffers
GetCurrentProcessId
SetConsoleCtrlHandler
GetCommandLineW
CreateMutexW
FindResourceW
LoadResource
SizeofResource
LockResource
GetTempPathW
WriteFile
ReleaseMutex
DeleteCriticalSection
EnterCriticalSection
GetModuleHandleExW
LeaveCriticalSection
GetExitCodeProcess
InitializeCriticalSection
GetCurrentThreadId
FindFirstFileW
RemoveDirectoryW
FindClose
DeleteFileW
FindNextFileW
GetCurrentDirectoryW
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
GetCurrentProcess
DeviceIoControl
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetModuleHandleW
CreateFileW
WaitNamedPipeW
OpenProcess
TerminateProcess
CreateProcessW
WaitForSingleObject
CloseHandle
Sleep
GetSystemTimeAsFileTime
GetShortPathNameW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
SetLastError
VirtualProtect
DecodePointer

user32

wsprintfW

advapi32

GetExplicitEntriesFromAclW
QueryServiceConfig2W
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
StartTraceW
EnableTrace
QueryAllTracesW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EqualSid
BuildTrusteeWithSidW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
GetSidIdentifierAuthority
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeleteService
ChangeServiceConfig2W
CreateServiceW
ChangeServiceConfigW
ControlService
RegQueryInfoKeyW
RegEnumKeyExW
RegFlushKey
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueW
RegSetValueExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
QueryServiceConfigW
QueryServiceStatus
StartServiceW
RegCreateKeyW
RegSetValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
TraceEvent
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
EnumerateTraceGuids
ControlTraceW
IsValidSid

shell32

SHGetFolderPathW

shlwapi

SHDeleteKeyW
SHSetValueW
wnsprintfW
SHGetValueW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoCreateGuid
StringFromCLSID
StringFromGUID2

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysStringLen
VarBstrCat
SysAllocStringLen
VariantInit
GetErrorInfo
VariantClear
SysFreeString

rpcrt4

UuidFromStringW
UuidCreate

Sections

.text
Size: 807KB - Virtual size: 807KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bldvar
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/VSCore/latest/64/mfehidk.inf
$1/VS/VSCore/latest/64/mfenlfk.inf
$1/VS/VSCore/latest/64/mfeplk.inf
$1/VS/VSCore/latest/64/mferkdet.inf
$1/VS/VSCore/latest/64/mfetdi2k.inf
$1/VS/VSCore/latest/64/mfewfpk.inf
$1/VS/VSCore/latest/64/wss.xml
$1/VS/casper.bat
$1/VS/casper64.bat
$1/VS/filelist.txt
$1/VS/flist11.txt
$1/VS/flist12.txt
$1/VS/flist14.txt
$1/VS/flist16.txt
$1/VS/lockdown.reg
$1/VS/master.ini
$1/VS/mcvs.ini
$1/VS/mcvs10.ini
$1/VS/mcvs11.ini
$1/VS/mcvs12.ini
$1/VS/mcvs13.ini
$1/VS/mcvs14.ini
$1/VS/mcvs16.ini
$1/VS/mcvs9.ini
$1/VS/mcvsoins.dll
.dll windows:6 windows x86 arch:x86

5492ab88a0bf60da32b538518009bc92

Code Sign

63:85:a6:08:fb:d8:58:eb:44:71:a0:22:cc:e7:6b:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/08/2016, 00:00

Not After

21/07/2019, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

80:da:e2:16:e6:08:94:60:d8:8f:a1:a3:48:61:91:eb:14:5d:d2:b8:b1:9f:dc:71:9a:5b:ca:9a:28:59:02:34
Signer

Actual PE Digest

80:da:e2:16:e6:08:94:60:d8:8f:a1:a3:48:61:91:eb:14:5d:d2:b8:b1:9f:dc:71:9a:5b:ca:9a:28:59:02:34

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\e22c8013-6a61-4d99-8e83-e66c2d3030d9\build\Win32\Release\mcvsoins.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetTickCount
GetExitCodeProcess
CreateProcessW
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
lstrlenW
VerSetConditionMask
GetCurrentProcess
GetCurrentProcessId
VerifyVersionInfoW
GetSystemDirectoryW
LoadLibraryExW
OpenEventW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CloseHandle
VirtualQuery
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
GetLastError
RaiseException
DecodePointer
GetProcessHeap
HeapSize
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapReAlloc
HeapAlloc
HeapDestroy
FreeLibrary
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetCurrentThreadId
GetLocalTime
FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
EncodePointer
SetEndOfFile
MultiByteToWideChar
GetStringTypeW
FormatMessageW
QueryPerformanceCounter
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
InitializeSListHead
RtlUnwind
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetACP
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
ReadFile
ReadConsoleW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW

advapi32

TraceEvent
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExA
RegSetValueExA
RegSetValueExW
RegSetKeySecurity
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
FreeSid
RegisterTraceGuidsW

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoTaskMemFree
CLSIDFromString
StringFromGUID2

shlwapi

SHDeleteKeyW
PathRemoveFileSpecW
PathAppendW

Exports

Exports

CSISAllocateMemory
CSISAttachSettingHooks
CSISPreInstallHook
CSISStartSoftwareHook
OnFreeLibrary
PreInstall
StartApplication
_CSISAllocateMemory@8
_CSISAttachSettingHooks@36
_CSISPreInstallHook@4
_CSISStartSoftwareHook@4

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/VS/project.info
$1/VS/reglist.txt
$1/VS/rlist11.txt
$1/VS/rlist12.txt
$1/VS/rlist12_64.txt
$1/VS/rlist13.txt
$1/VS/rlist14.txt
$1/VS/rlist16.txt
$1/VS/vscore.bat
$1/VS/vscore64.bat
$1/VS/vscore64wss.bat
$1/VS/vscorewss.bat
$1/VUL/RegKeyList1.txt
$1/VUL/vul.ini
$1/VUL/vul1.ini
$1/VsCleanUP.wse
$1/WPS/RegKeyList.txt
$1/WPS/drivers/22.6/x64/mc-sec-installer.exe
.exe windows:6 windows x64 arch:x64

9f9a361806f030c8f794019ee6d4bfe1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Jenkins\workspace\finch_SDK_Goldfinch_Build_master\_sdk\x64Release\mc-sec-installer.pdb

Imports

kernel32

IsDebuggerPresent
GetCurrentProcess
CreateFileW
GetCurrentThread
GetDriveTypeW
InstallELAMCertificateInfo
CopyFileW
SetDefaultDllDirectories
MultiByteToWideChar
LoadLibraryExA
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
GetVolumeNameForVolumeMountPointW
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
WaitForSingleObject
FindClose
GetModuleHandleExW
ReleaseSemaphore
FindNextFileW
SetLastError
HeapFree
CreateSemaphoreExW
FindFirstFileW
GetLogicalDrives
GetVolumeInformationW
DeleteFileW
GetModuleFileNameA
VirtualQuery
VirtualProtect
GetSystemInfo
WriteConsoleW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
WideCharToMultiByte
LocalFree
FormatMessageA
LCMapStringEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapReAlloc
GetFileSizeEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
HeapSize
RtlUnwind

advapi32

OpenSCManagerW
OpenThreadToken
OpenServiceW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
RegCloseKey
CloseServiceHandle
TraceMessage
ChangeServiceConfig2W
RegCreateKeyExW
DeleteService
ControlService
RegSetValueExW
OpenProcessToken
StartServiceW
RegOpenKeyExW
RegGetValueW
RegCreateKeyW

fltlib

FilterConnectCommunicationPort
FilterUnload
FilterSendMessage

setupapi

SetupGetLineTextW
SetupOpenInfFileW
SetupGetTargetPathW

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/WPS/drivers/22.6/x64/mc-sec-kernel.dll
.dll windows:6 windows x64 arch:x64

d907c1a13487205564ddfdc0705664c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Jenkins\workspace\finch_SDK_Goldfinch_Build_master\_sdk\x64Release\mc-sec-kernel.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
NtOpenFile
NtQueryInformationProcess
NtQuerySystemInformation

kernel32

GetLastError
LocalAlloc
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
FormatMessageW
LocalFree
GetCurrentProcess
GetVolumeNameForVolumeMountPointW
WaitForSingleObject
GetVolumePathNameW
GetModuleHandleExW
ReleaseSemaphore
SetLastError
LoadLibraryW
FreeLibrary
HeapFree
CreateSemaphoreExW
GetFinalPathNameByHandleW
ReleaseMutex
CreateFileW
GetModuleFileNameA
WriteConsoleW
GetConsoleMode
SleepEx
CancelIo
GetFileInformationByHandleEx
GetModuleFileNameW
WaitForMultipleObjectsEx
OpenProcess
CreateEventW
SetEvent
ResetEvent
OpenThread
UnmapViewOfFile
MapViewOfFile
GetConsoleOutputCP
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
GetFileInformationByHandle
QueryFullProcessImageNameW
K32GetMappedFileNameW
GetVolumeInformationByHandleW
WriteFile
GetCurrentThreadId
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
FormatMessageA
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetACP
SetFilePointerEx
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
GetExitCodeThread
GetNativeSystemInfo
LCMapStringEx
EncodePointer
DecodePointer
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
InterlockedFlushSList
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
HeapReAlloc
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
IsValidCodePage

fltlib

FilterSendMessage
FilterConnectCommunicationPort
FilterGetMessage

advapi32

RegisterTraceGuidsW
CloseServiceHandle
OpenSCManagerW
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage

rpcrt4

UuidFromStringW

dbghelp

ImageNtHeader

Exports

Exports

mfesec_get_cache_api
mfesec_get_control_api
mfesec_get_scanner_api
mfesec_get_secured_api
mfesec_get_stealth_io_api
mfesec_initialize
mfesec_release_cache_api
mfesec_release_control_api
mfesec_release_scanner_api
mfesec_release_secured_api
mfesec_release_stealth_io_api

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/WPS/drivers/22.6/x64/mc-sec-unprotector.exe
.exe windows:6 windows x64 arch:x64

46e02cb2ae8c872cb31a5f468f92796f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\B\T\cf3a508b-ac92-488b-86c3-1b2e101b9c5a\UBF_1\build\x64\Release\mc-sec-unprotector.pdb

Imports

kernel32

FreeLibrary
SetEndOfFile
GetCurrentProcessId
GetProcAddress
InstallELAMCertificateInfo
CloseHandle
LoadLibraryA
SetEvent
CreateFileA
GetLastError
GetCurrentThreadId
WaitForSingleObject
CreateEventA
OpenEventA
RtlPcToFileHeader
RaiseException
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
WideCharToMultiByte
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
WaitForSingleObjectEx
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
RtlUnwind

advapi32

CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
DeleteService
ControlService
StartServiceA
ChangeServiceConfig2A
OpenServiceA

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/WPS/drivers/22.6/x64/mfeelam.cat
$1/WPS/drivers/22.6/x64/mfeelam.inf
$1/WPS/drivers/22.6/x64/mfeelam.sys
.sys windows:10 windows x64 arch:x64

2b0f9e7fc89b2ec3f03107852730df4c

Code Sign

33:00:00:04:45:1c:57:99:61:a7:a9:78:10:00:00:00:00:04:45
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:26

Not After

01/09/2022, 18:26

Subject

CN=Microsoft Windows Early Launch Anti-malware Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:00:1e:d1:ce:67:2c:54:02:3c:b9:54:21:04:14:57:30:91:58:de:dd:ad:ba:da:33:23:82:e8:24:54:f7:df
Signer

Actual PE Digest

65:00:1e:d1:ce:67:2c:54:02:3c:b9:54:21:04:14:57:30:91:58:de:dd:ad:ba:da:33:23:82:e8:24:54:f7:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\jenkins\workspace\finch_SDK_Goldfinch_Build_master\_sdk\x64Release\mfeelam.pdb

Imports

ntoskrnl.exe

InitSafeBootMode
IoUnregisterBootDriverCallback
RtlCopyUnicodeString
DbgPrintEx
IoRegisterBootDriverCallback

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/WPS/drivers/22.6/x64/mfesec.cat
$1/WPS/drivers/22.6/x64/mfesec.inf
$1/WPS/drivers/22.6/x64/mfesec.sys
.sys windows:10 windows x64 arch:x64

6834ae0b62218f7e729bbdada1e846d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\jenkins\workspace\finch_SDK_Goldfinch_Build_master\_sdk\x64Release\mfesec.pdb

Imports

fltmgr.sys

FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltSendMessage
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltCancellableWaitForSingleObject
FltCreateSectionForDataScan
FltCloseSectionForDataScan
FltAllocateContext
FltSetInstanceContext
FltSetStreamContext
FltSetStreamHandleContext
FltDeleteInstanceContext
FltDeleteStreamHandleContext
FltGetInstanceContext
FltGetStreamContext
FltGetStreamHandleContext
FltGetSectionContext
FltReleaseContext
FltObjectReference
FltObjectDereference
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltAllocateCallbackData
FltFreeCallbackData
FltFindExtraCreateParameter
FltGetEcpListFromCallbackData
FltIsEcpFromUserMode
FltCreateFileEx2
FltQueryInformationFile
FltSetInformationFile
FltClose
FltGetVolumeFromName
FltGetVolumeInstanceFromName
FltGetVolumeFromFileObject
FltGetVolumeGuidName
FltRegisterForDataScan
FltIsDirectory
FltCancelFileOpen

ntoskrnl.exe

MmGetSystemRoutineAddress
ExAllocatePoolWithTag
RtlCompareMemory
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExFreePoolWithTag
FsRtlQueryKernelEaFile
FsRtlSetKernelEaFile
__C_specific_handler
KeInitializeGuardedMutex
IoGetCurrentProcess
ObfReferenceObject
KeQueryUnbiasedInterruptTime
ObfDereferenceObject
PsGetCurrentProcessId
KeInitializeEvent
PsGetProcessCreateTimeQuadPart
PsGetThreadId
PsGetThreadProcessId
KeStackAttachProcess
KeUnstackDetachProcess
IoThreadToProcess
ObOpenObjectByPointer
MmSectionObjectType
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
CmUnRegisterCallback
CmRegisterCallbackEx
IoWMIRegistrationControl
PsSetCreateProcessNotifyRoutineEx
IoQueryFullDriverPath
IoGetStackLimits
KeSetEvent
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTable
RtlGetElementGenericTable
RtlIsGenericTableEmpty
PsLookupProcessByProcessId
PsProcessType
RtlCompareUnicodeString
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExInitializeResourceLite
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
RtlEnumerateGenericTableWithoutSplaying
RtlPrefixUnicodeString
ObQueryNameString
ZwClose
KeWaitForSingleObject
ObReferenceObjectByHandle
ZwOpenFile
IoFileObjectType

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/WPS/master.ini
$1/WPS/wps.ini
$1/WPS/wps100.ini
$1/ja_EULA.txt
$1/master.ini
$1/mccertupd.exe
.exe windows:6 windows x86 arch:x86

f37bddbbf5627237eb89a35d82621e0c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:aa:59:dd:71:8c:fb:de:16:3a:b8:21
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:41

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:10

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:50:45:dd:95:bb:32:cd:8d:eb:25:48:05:f3:da:54:5b:88:9c:38:d7:21:34:d5:7e:77:fe:75:9b:cb:8b:7e
Signer

Actual PE Digest

74:50:45:dd:95:bb:32:cd:8d:eb:25:48:05:f3:da:54:5b:88:9c:38:d7:21:34:d5:7e:77:fe:75:9b:cb:8b:7e

Digest Algorithm

sha256

PE Digest Matches

true

fa:59:e4:34:b3:e6:31:5c:ed:27:45:66:e5:04:8c:99:f9:e0:35:bf
Signer

Actual PE Digest

fa:59:e4:34:b3:e6:31:5c:ed:27:45:66:e5:04:8c:99:f9:e0:35:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\B\T\a0de46fc-e5d5-41c1-8b01-72792ad5c9dd\UBF_1\build\Win32\Release\McCertUpd.pdb

Imports

wintrust

WinVerifyTrust

kernel32

TlsAlloc
GetCurrentDirectoryW
OutputDebugStringW
GetLastError
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LocalAlloc
FormatMessageA
LocalFree
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleHandleW
SetLastError
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
FindClose
FindFirstFileW
RemoveDirectoryW
WaitForSingleObject
ReleaseMutex
WriteFile
CreateFileW
SetFilePointer
GetFileAttributesW
CreateMutexW
GetLocalTime
GetModuleHandleExW
GetSystemInfo
VirtualProtect
LoadLibraryExA
IsDebuggerPresent
EncodePointer
FormatMessageW
CreateEventW
Sleep
SetEndOfFile
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
MultiByteToWideChar
GetStringTypeW
LCMapStringW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
ExitProcess
GetStdHandle
GetACP
GetFileType
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
ReadFile
ReadConsoleW
CreateDirectoryW
WritePrivateProfileStructW
WritePrivateProfileStringW
lstrlenW
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/mccleanup.exe
.exe windows:6 windows x86 arch:x86

c0c8d102ee9d77fc47d7102011433374

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\B\T\cf3a508b-ac92-488b-86c3-1b2e101b9c5a\build\Win32\Release\mccleanup.pdb

Imports

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

advapi32

EventWriteTransfer
EventRegister
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
TraceEvent
EventUnregister
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteValueA
RegDeleteValueW
RegQueryInfoKeyA
ControlService
DeleteService
OpenServiceA
QueryServiceConfigA
QueryServiceStatusEx
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegDeleteKeyA
RegGetKeySecurity
RegSetKeySecurity
QueryServiceStatus
StartServiceA
CreateProcessAsUserA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegGetValueA
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegSetValueExW

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
VerSetConditionMask
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GetDriveTypeA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLogicalDriveStringsA
VerifyVersionInfoA
GetOEMCP
GetACP
IsValidCodePage
FlushFileBuffers
GetPrivateProfileSectionA
GetFileSizeEx
GetCurrentProcess
GetModuleHandleA
SetStdHandle
CreateFileA
SetFilePointer
WriteFile
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
EnumSystemLocalesW
GetUserDefaultLCID
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
OpenEventA
Sleep
ProcessIdToSessionId
OpenProcess
GetVersionExA
InstallELAMCertificateInfo
IsWow64Process
GetModuleFileNameA
LocalAlloc
LocalFree
IsValidLocale
MultiByteToWideChar
FreeConsole
GetProcessHeap
LCMapStringW
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExW
SetCurrentDirectoryA
GetCurrentDirectoryA
GetCurrentDirectoryW
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
CreateDirectoryW
DeleteFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetShortPathNameW
GetTempFileNameW
ReadFile
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
GetExitCodeProcess
HeapSize
GetTickCount
GetVersionExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
CopyFileW
MoveFileA
MoveFileExA
MoveFileExW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
SetNamedPipeHandleState
WritePrivateProfileStructW
VirtualAlloc
TlsFree
SetLastError
TlsSetValue
GetModuleHandleW
lstrlenW
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoW
RtlUnwind
InitializeSListHead
GetModuleHandleExW
HeapFree
LoadLibraryW
CreateFileW
DeviceIoControl
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetStartupInfoW
IsDebuggerPresent
QueryFullProcessImageNameW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateThread
GetWindowsDirectoryW
GlobalFindAtomW
SystemTimeToFileTime
SetEnvironmentVariableW
WriteConsoleW
ResetEvent
GetCPInfo
Process32FirstW
Process32NextW
GetFullPathNameW
FormatMessageA
LockFileEx
UnlockFileEx
GlobalAddAtomW
MoveFileW
ReplaceFileW
LCMapStringEx
GetTempFileNameA
EncodePointer
WaitForSingleObjectEx
ReleaseMutex
CreateMutexW
GetLocalTime
FormatMessageW
CreateProcessA
WritePrivateProfileStringW
GetLocaleInfoW
WaitNamedPipeA
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
IsProcessorFeaturePresent
FindFirstFileExW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
GetSystemTimeAsFileTime

user32

wsprintfW
WaitForInputIdle
MessageBoxA
CharNextA

shlwapi

SHDeleteKeyA
SHDeleteKeyW
PathCombineA
SHSetValueA
SHGetValueA
PathRemoveExtensionA
PathAddExtensionA
PathFileExistsA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathAppendA
PathAddBackslashA
wnsprintfW
PathFileExistsW
PathFindFileNameA
PathAppendW
PathFindExtensionW
PathStripToRootW
PathRemoveBackslashA
PathStripToRootA
StrTrimA

ole32

CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoInitialize
CoInitializeSecurity
StringFromGUID2
CoInitializeEx
CLSIDFromString
CoUninitialize

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathA
ShellExecuteExA
SHGetKnownFolderPath

oleaut32

SysFreeString
SysStringLen
VariantClear
VariantTimeToSystemTime
VariantInit
SysAllocString
SystemTimeToVariantTime
VariantChangeType
VarUdateFromDate

rpcrt4

UuidCreate

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/McSplash.bmp
$PLUGINSDIR/McSplash.dll
.dll windows:4 windows x86 arch:x86

53fa9f98975931096a1fdca782458483

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:f0:ed:bf:f2:0c:b8:9b:db:3d:db:f1:9d:74:d2:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/09/2006, 00:00

Not After

09/10/2007, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\temp\McSplash\Release\McSplash.pdb

Imports

kernel32

CreateEventA
LCMapStringW
LCMapStringA
GetStringTypeW
CreateThread
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
GetCurrentThreadId
GetModuleFileNameW
WaitForSingleObject
CloseHandle
MultiByteToWideChar
SetEvent
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
WriteFile

user32

MsgWaitForMultipleObjects
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateDialogParamA
UpdateWindow
ShowWindow
GetUpdateRect
BeginPaint
EndPaint
GetDesktopWindow
GetWindowRect
SetWindowPos
DestroyWindow
PostThreadMessageA
LoadImageW

gdi32

SelectObject
BitBlt
DeleteObject
GetObjectA
CreateCompatibleDC

Exports

Exports

hide
show

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Microsoft_Security_Essentials/MicrosoftFixit50692.msi
.msi .vbs polyglot
Tools/Norton/NRnR.exe
.exe windows:5 windows x86 arch:x86

f6e67c2c281ab3ac4a7e5002404317d7

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:be:91:35:61:37:61:3e:57:68:3e:60:3e:c5:38:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/05/2021, 00:00

Not After

21/05/2024, 23:59

Subject

CN=NortonLifeLock Inc.,OU=Norton Product Engineering - CM,O=NortonLifeLock Inc.,L=Tempe,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:1b:d2:28:83:e1:52:8c:1f:c3:84:ed:b6:b9:53:8c:34:ee:38:58:3e:67:4f:a4:cf:fc:8d:26:6e:27:5e:be
Signer

Actual PE Digest

f9:1b:d2:28:83:e1:52:8c:1f:c3:84:ed:b6:b9:53:8c:34:ee:38:58:3e:67:4f:a4:cf:fc:8d:26:6e:27:5e:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bld_area\Norton_RnR_r4.5\bin\bin.iru\SuperMUI\NRnR4.5.pdb

Imports

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
WinVerifyTrust
WintrustGetRegPolicyFlags

winhttp

WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpQueryOption

kernel32

GetFileAttributesW
RemoveDirectoryW
DeviceIoControl
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
OpenProcess
FreeLibrary
LoadLibraryExW
CopyFileW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalFree
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
ExpandEnvironmentStringsW
ProcessIdToSessionId
FormatMessageW
WTSGetActiveConsoleSessionId
CreateFileW
GetProcAddress
SetEvent
CreateEventW
GetModuleHandleW
LoadLibraryW
MulDiv
GetCurrentProcessId
GetCurrentThreadId
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
SetCurrentDirectoryW
CompareFileTime
CreateDirectoryW
GetTempFileNameW
ResetEvent
WaitForMultipleObjects
GetCurrentThread
OpenThread
GetModuleFileNameW
GetUserDefaultLangID
GetLocalTime
lstrcmpiW
SetDllDirectoryW
GetTempPathW
GetSystemDirectoryW
GetSystemDefaultLangID
GetCommandLineW
GetDiskFreeSpaceExW
LocalFileTimeToFileTime
QueryDosDeviceW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
VerSetConditionMask
VerifyVersionInfoW
GetSystemTime
FormatMessageA
GetFileSize
ReadFile
SetFilePointer
ReadProcessMemory
VirtualQuery
GetLongPathNameW
lstrlenW
lstrcmpA
lstrcmpW
CreateEventA
WaitForSingleObjectEx
InterlockedIncrement
InterlockedDecrement
CreateWaitableTimerW
SetWaitableTimer
FindNextFileW
CreateMutexW
ReleaseMutex
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
WriteFile
FlushFileBuffers
GetFileInformationByHandle
LoadResource
CreateSemaphoreW
ReleaseSemaphore
GetTimeFormatW
GetDateFormatW
GetSystemInfo
GetFileAttributesExW
GetCurrentDirectoryW
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
AreFileApisANSI
CreateWaitableTimerA
GetLogicalProcessorInformation
OpenEventA
FindResourceExW
DeleteCriticalSection
SetErrorMode
FlushInstructionCache
FindFirstFileW
WritePrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetVersionExA
CreateFileA
ExitProcess
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetThreadLocale
GetTimeZoneInformation
FileTimeToLocalFileTime
CompareStringA
GetModuleHandleExW
GetModuleFileNameA
DeleteTimerQueueTimer
CreateTimerQueueTimer
AllocConsole
GetComputerNameW
GetCurrencyFormatW
GetNumberFormatW
GetVolumeInformationW
OutputDebugStringA
GetTempFileNameA
FindClose
DeleteFileW
GetTickCount
Sleep
GetCurrentProcess
SetLastError
CloseHandle
LocalFree
GetTempPathA
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
LocalAlloc
FindResourceW
SizeofResource
CancelWaitableTimer
LockResource
GetProcessHeap
HeapSize
UnhandledExceptionFilter
GetLogicalDriveStringsW
GetModuleHandleA
GetVersionExW
SetFileTime
GetThreadContext
SetUnhandledExceptionFilter
TerminateProcess
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
lstrlenA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetFileAttributesW
WaitForMultipleObjectsEx
ExitThread
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStdHandle
GetACP
GetPrivateProfileSectionW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetThreadPriority
SetThreadPriority
TerminateThread
ResumeThread
CreateThread
GetProcessTimes
OpenEventW
GetWindowsDirectoryW
GetShortPathNameW
lstrcpyW
VirtualFree
VirtualAlloc
OutputDebugStringW
IsDebuggerPresent
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
TryEnterCriticalSection
EncodePointer
GetStringTypeW
LoadLibraryExA
VirtualProtect

user32

GetWindowTextW
OffsetRect
EqualRect
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetLayeredWindowAttributes
GetFocus
IsWindowVisible
GetAncestor
CreateWindowExW
GetScrollInfo
DeferWindowPos
SetScrollInfo
GetSysColor
CreateIconIndirect
GetIconInfo
DrawIconEx
LoadImageW
MessageBeep
AllowSetForegroundWindow
SetParent
EndPaint
BeginPaint
RegisterClassW
RedrawWindow
SetActiveWindow
LoadStringW
GetKeyState
GetKeyboardLayout
CreateCaret
SetCaretPos
UpdateLayeredWindow
RegisterClipboardFormatW
CountClipboardFormats
EnumClipboardFormats
IsClipboardFormatAvailable
GetClipboardData
GetClipboardSequenceNumber
DestroyWindow
FlashWindowEx
IsZoomed
IsIconic
KillTimer
GetMenuState
GetMenuItemID
GetMenuItemCount
TrackPopupMenuEx
UpdateWindow
EnableWindow
AnimateWindow
FlashWindow
SetWindowTextW
SetTimer
NotifyWinEvent
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
AdjustWindowRectEx
WaitMessage
DeleteMenu
MonitorFromPoint
GetActiveWindow
GetWindowDC
EnumDisplayDevicesW
GetWindowPlacement
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnumDisplayMonitors
GetDCEx
InvalidateRect
ReleaseCapture
GetClassLongW
EnumThreadWindows
WindowFromPoint
EndDeferWindowPos
SetCapture
IsRectEmpty
GetMessageTime
MoveWindow
GetDoubleClickTime
ValidateRect
IsChild
GetCapture
GetAsyncKeyState
BeginDeferWindowPos
DestroyCaret
SystemParametersInfoW
CharPrevW
wsprintfW
EnableMenuItem
GetSystemMenu
CharNextW
FindWindowW
ExitWindowsEx
LoadStringA
UnregisterClassW
GetWindowThreadProcessId
GetForegroundWindow
SetFocus
AttachThreadInput
MonitorFromWindow
DestroyIcon
LoadIconW
GetDesktopWindow
ReleaseDC
GetDC
SetForegroundWindow
GetSystemMetrics
SetWindowPos
ShowWindow
IsWindow
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
RegisterClassExW
GetClassInfoExW
GetWindow
LoadCursorFromFileA
DestroyCursor
SendMessageTimeoutW
CopyRect
SetCursor
SetClassLongW
LoadCursorW
ClientToScreen
PtInRect
ScreenToClient
GetCursorPos
RegisterWindowMessageW
CallWindowProcW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CharUpperW
DispatchMessageA
GetMessageW
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjectsEx
IsMenu

gdi32

GetStockObject
SetLayout
GetObjectA
CreateFontW
EnumFontFamiliesExW
GetFontUnicodeRanges
StartDocW
CreateBitmap
StartPage
EndPage
EndDoc
GetClipBox
SaveDC
SetViewportOrgEx
RestoreDC
GetGlyphIndicesW
AddFontMemResourceEx
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetLayout
DeleteObject
GetDIBits
SetMapMode
CreateDCW
GetDeviceCaps
GetObjectW

ole32

DoDragDrop
ReleaseStgMedium
OleInitialize
RevokeDragDrop
StringFromGUID2
CoCreateGuid
RegisterDragDrop
OleUninitialize
PropVariantClear
CoInitializeEx
CoUninitialize
CLSIDFromString
StringFromIID
IIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

VariantCopy
SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen
VariantInit
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SysStringByteLen
VariantCopyInd
VarBstrCat
VariantClear
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnlock
SafeArrayCreate
SysAllocStringByteLen

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSQueryUserToken

imagehlp

MapFileAndCheckSumW

psapi

GetModuleFileNameExW

oleacc

LresultFromObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmNotifyIME
ImmAssociateContextEx
ImmSetCandidateWindow
ImmGetContext
ImmIsIME
ImmGetCompositionStringW

winmm

PlaySoundW

urlmon

FindMimeFromData

iphlpapi

IpReleaseAddress
IpRenewAddress
GetInterfaceInfo
GetAdaptersInfo
FlushIpNetTable

dnsapi

DnsQuery_W

uxtheme

GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
SetWindowTheme
IsThemeBackgroundPartiallyTransparent

usp10

ScriptPlace
ScriptShape
ScriptBreak
ScriptItemize
ScriptApplyDigitSubstitution
ScriptFreeCache

gdiplus

GdipSetPenDashArray
GdipSetPenDashStyle
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipSetPenStartCap
GdipSetPenEndCap
GdipCreatePen2
GdipGetFontStyle
GdipAddPathString
GdipDrawString
GdipGetCellDescent
GdipMeasureString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFromHDC
GdipCreateFromHWND
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipSetPageUnit
GdipAddPathBezier
ord1
GdipSetPathFillMode
GdipClosePathFigure
GdipAddPathLine
GdipStartPathFigure
GdipIsVisiblePathPoint
GdipResetPath
GdipDrawRectangle
GdipFillRectangle
GdipDrawPie
GdipFillPie
GdipDrawEllipse
GdipFillEllipse
GdipCreateTexture
GdipShearMatrix
GdipScaleMatrix
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipMultiplyWorldTransform
GdipTransformPoints
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipEndContainer
GdipCreateBitmapFromGraphics
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipAddPathRectangleI
GdipSetClipRect
GdipClonePath
GdipGetPathWorldBounds
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipBeginContainer2
GdipRestoreGraphics
GdipSaveGraphics
GdipGetSmoothingMode
GdipTranslateWorldTransform
GdipSetClipRectI
GdipDrawLine
GdipFillRectanglesI
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipSetPathGradientTransform
GdipSetPathGradientCenterPoint
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipSetLineWrapMode
GdipSetLinePresetBlend
GdipCreateMatrix2
GdipMultiplyLineTransform
GdipCreateLineBrush
GdipGetClipBoundsI
GdipFillPath
GdipAddPathLineI
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusStartup
GdiplusShutdown
GdipDeleteFontFamily
GdipGetFamily
GdipCreateFontFromLogfontA
GdipGetEmHeight
GdipGetLineSpacing
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipSetSmoothingMode
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipFree
GdipCreateFontFromDC
GdipAlloc
GdipGetFontHeightGivenDPI

winspool.drv

EnumPrintersW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
PrintDlgW

comctl32

ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Panda/uninstaller.exe
.exe windows:5 windows x86 arch:x86

33cad3c4dcfa32e50442d1412d415563

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:3c:47:92:9d:ca:2c:59:e6:78:3f:31:a1:78:98:63
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/06/2022, 00:00

Not After

07/06/2023, 23:59

Subject

CN=Panda Security S.L.,O=Panda Security S.L.,L=Bilbao,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:3c:47:92:9d:ca:2c:59:e6:78:3f:31:a1:78:98:63
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/06/2022, 00:00

Not After

07/06/2023, 23:59

Subject

CN=Panda Security S.L.,O=Panda Security S.L.,L=Bilbao,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:e4:85:25:4b:45:a9:75:70:10:42:66:e7:d2:6c:6a:1a:99:7b:83:1d:5f:89:7a:94:cd:2b:59:04:d9:52:4f
Signer

Actual PE Digest

1d:e4:85:25:4b:45:a9:75:70:10:42:66:e7:d2:6c:6a:1a:99:7b:83:1d:5f:89:7a:94:cd:2b:59:04:d9:52:4f

Digest Algorithm

sha256

PE Digest Matches

true

ad:cb:9f:df:7c:61:29:a9:f5:3b:c2:e6:19:29:ed:e3:78:65:36:8e
Signer

Actual PE Digest

ad:cb:9f:df:7c:61:29:a9:f5:3b:c2:e6:19:29:ed:e3:78:65:36:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
WaitForMultipleObjects
Sleep
VirtualAlloc
VirtualFree
GetVersionExA
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
GetExitCodeProcess
CreateProcessA
GetCommandLineW
GetVersionExW
lstrcmpiW
HeapAlloc
GetCurrentProcess
HeapFree
TerminateProcess
GetFileInformationByHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
LoadLibraryA
InterlockedExchange
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
InterlockedCompareExchange
FreeEnvironmentStringsA
HeapSize
ExitProcess
HeapCreate
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetModuleHandleA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathA
GetTempPathW
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
SetLastError
CreateFileW
SetFileTime
CloseHandle
GetSystemDirectoryW
FormatMessageA
FormatMessageW
LocalFree
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
AreFileApisANSI
GetLastError
WideCharToMultiByte
MultiByteToWideChar
TlsGetValue
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
DeleteCriticalSection

user32

CharUpperW
LoadStringA
LoadStringW
SendMessageA
CharUpperA
GetSystemMetrics
LoadIconA
EndDialog
KillTimer
SetTimer
PostMessageA
DestroyWindow
MessageBoxW
DialogBoxParamW
DialogBoxParamA
GetDlgItem
GetWindowLongA
SetWindowLongA
ShowWindow
SetWindowTextW
SetWindowTextA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExA

oleaut32

VariantClear
SysStringLen
SysAllocStringLen

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/Symantec_Endpoint_Protection/CleanWipe.db
.msi
Tools/Symantec_Endpoint_Protection/CleanWipe.exe
.exe windows:6 windows x86 arch:x86

6e79af22a9cf5c63216c630769f6f64c

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:59:30:9b:83:6b:fb:49:db:a2:23:e2:38:02:88:9b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/10/2023, 00:00

Not After

23/10/2026, 23:59

Subject

CN=Symantec Corporation,O=Symantec Corporation,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:b4:20:2e:45:5c:73:4b:0e:7c:09:e7:41:5e:92:00:a8:1c:fc:8e:c2:52:5b:9b:4d:7c:0f:55:a8:de:ea:9f
Signer

Actual PE Digest

7f:b4:20:2e:45:5c:73:4b:0e:7c:09:e7:41:5e:92:00:a8:1c:fc:8e:c2:52:5b:9b:4d:7c:0f:55:a8:de:ea:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Bld_area\SEP_14.3-RU9_CM-Build\Output\Install\Bin.iru\CleanWipe.pdb

Imports

loadperf

UnloadPerfCounterTextStringsW

rpcrt4

UuidFromStringW
UuidToStringW
RpcBindingFree
RpcMgmtIsServerListening
RpcBindingFromStringBindingW
UuidCreate
RpcStringBindingComposeW
NdrClientCall2
RpcStringFreeW

kernel32

ReleaseMutex
GetCommandLineW
GetLocaleInfoA
CopyFileW
GetDriveTypeW
CreateMutexW
GetFileSize
ReadFile
WriteFile
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileW
GetFileTime
ExpandEnvironmentStringsW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemTime
OpenEventW
OpenSemaphoreW
ReleaseSemaphore
CreateEventW
DeviceIoControl
GetOverlappedResult
CancelIo
GetLogicalDriveStringsW
ExpandEnvironmentStringsA
CreateDirectoryA
SetVolumeMountPointA
FindFirstFileA
DeleteFileA
FindNextFileA
DeleteVolumeMountPointA
RemoveDirectoryA
VirtualQuery
QueryDosDeviceW
lstrcmpA
lstrcmpW
OutputDebugStringW
DuplicateHandle
ResetEvent
TryEnterCriticalSection
GetCurrentThread
GetSystemInfo
GetProcessTimes
SetFilePointer
FlushFileBuffers
SetEndOfFile
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
ReadProcessMemory
lstrlenA
FindFirstFileW
ProcessIdToSessionId
GetTempPathW
TerminateProcess
GetCPInfo
LCMapStringW
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CopyFileExW
SetFilePointerEx
GetFileInformationByHandle
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
MoveFileExW
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
GetCommandLineA
ExitThread
ResumeThread
ExitProcess
GetFileAttributesExW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetExitCodeThread
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
DeleteFileW
SetFileAttributesW
FindClose
CreateDirectoryW
GetShortPathNameW
GetLongPathNameW
GetLocaleInfoW
GetCurrentProcessId
OpenProcess
GetTickCount
LocalAlloc
GetExitCodeProcess
CreateProcessW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetCurrentProcess
EncodePointer
GetThreadLocale
GetNativeSystemInfo
lstrlenW
CompareStringW
VerSetConditionMask
VerifyVersionInfoW
MulDiv
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
DecodePointer
GetCurrentThreadId
InitializeCriticalSectionEx
GetModuleFileNameW
MultiByteToWideChar
RaiseException
lstrcmpiW
LoadLibraryW
GetSystemDirectoryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
Sleep
InitializeCriticalSection
TlsFree
SetEvent
QueueUserAPC
TerminateThread
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetLastError
TlsAlloc
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
CreateFileW
GetFileAttributesW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetProcAddress
FreeLibrary
LoadLibraryExW
RemoveDirectoryW
SetThreadAffinityMask
TlsSetValue
TlsGetValue
FindNextFileW
QueryPerformanceCounter
VirtualProtect
LoadLibraryExA
GetStringTypeW
WaitForSingleObjectEx
SwitchToThread
CreateSemaphoreW

user32

BeginPaint
EndPaint
FillRect
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
SetCursor
TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
GetCursorPos
ScreenToClient
PtInRect
MsgWaitForMultipleObjectsEx
InvalidateRect
GetClassNameW
LoadCursorW
SystemParametersInfoW
CreateWindowExW
SetFocus
SetRectEmpty
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
OffsetRect
DialogBoxParamW
EnableWindow
GetDlgItem
PostMessageW
ReleaseDC
GetDC
SetWindowLongW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
CallWindowProcW
RegisterWindowMessageW
SetWindowPlacement
GetWindowPlacement
KillTimer
SetTimer
MessageBoxA
SendMessageW
UnregisterClassW
GetActiveWindow
DestroyWindow
DefWindowProcW
GetSystemMenu
EnableMenuItem
SetDlgItemTextW
MessageBeep
GetSystemMetrics
wsprintfW
GetWindowTextA
MessageBoxW
CharNextW
PeekMessageW
IsWindow
IsWindowUnicode
GetMessageA
GetMessageW
TranslateMessage
DispatchMessageA
DispatchMessageW
UpdateWindow
EndDialog

gdi32

RemoveFontResourceW
SetBkMode
SetTextColor
GetStockObject
SelectObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW
DeleteDC
DeleteObject

advapi32

AllocateAndInitializeSid
GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetAclInformation
AddAce
OpenThreadToken
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
TraceMessage
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
InitiateSystemShutdownExW
RegSetKeySecurity
SetEntriesInAclW
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AdjustTokenPrivileges
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
ChangeServiceConfigW
QueryServiceConfigW
EnumDependentServicesW
ControlService
QueryServiceStatusEx
StartServiceW
RegConnectRegistryW
RegEnumValueW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
FreeSid
CheckTokenMembership
InitializeAcl
CreateServiceW
DeleteService
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
MakeSelfRelativeSD

ole32

StringFromGUID2
StringFromIID
OleRun
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CLSIDFromString

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
VarUI4FromStr
SysFreeString
SafeArrayGetUBound
SafeArrayGetElement
SysAllocString
VariantChangeType
VariantClear
VariantInit
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantCopyInd
SafeArrayCreate

msi

ord159
ord8
ord92
ord113
ord70
ord248
ord205
ord160
ord20
ord158
ord120
ord125
ord118
ord116
ord17
ord165
ord32
ord157

shlwapi

SHDeleteKeyW
PathAppendW
PathIsUNCServerW
PathRemoveFileSpecW
PathAddBackslashW

comctl32

DestroyPropertySheetPage
InitCommonControlsEx
PropertySheetW
CreatePropertySheetPageW

wininet

InternetSetOptionW

ntdll

RtlUnwind

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Total_Defense/ISS_Cleanup.exe
.exe windows:4 windows x86 arch:x86

1d1577d864d2da06952f7affd8635371

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:b5:42:cb:e9:f3:3c:3d:64:69:b2:fa:9a:d5:15:48:7f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

27/08/2014, 14:15

Not After

27/08/2017, 14:15

Subject

CN=Total Defense\, Inc.,O=Total Defense\, Inc.,L=Hauppauge,ST=New York,C=US,1.2.840.113549.1.9.1=#0c18737570706f727440746f74616c646566656e73652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:48:6a:8b:e4:2f:93:d3:1f:4c:34:d3:a5:41:46:8f:87:ab:60:46
Signer

Actual PE Digest

17:48:6a:8b:e4:2f:93:d3:1f:4c:34:d3:a5:41:46:8f:87:ab:60:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
CopyImage
GetKeyState
GetWindowRect
ScreenToClient
GetWindowLongW
SetTimer
GetMessageW
DispatchMessageW
KillTimer
DestroyWindow
EndDialog
SendMessageW
wsprintfW
GetClassNameA
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
CreateWindowExW
GetDlgItem
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
ShowWindow
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
wvsprintfW
CharUpperW
MessageBoxA
GetParent

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear
OleLoadPicture

kernel32

SetFileTime
SetEndOfFile
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleA
LeaveCriticalSection
WaitForMultipleObjects
ReadFile
SetFilePointer
GetFileSize
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetCurrentDirectoryW
GetDriveTypeW
CreateFileW
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateJobObjectW
ResumeThread
AssignProcessToJobObject
CreateIoCompletionPort
SetInformationJobObject
GetQueuedCompletionStatus
GetExitCodeProcess
CloseHandle
SetEnvironmentVariableW
GetTempPathW
GetSystemTimeAsFileTime
lstrlenW
CompareFileTime
SetThreadLocale
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
VirtualAlloc
GlobalMemoryStatusEx
lstrcmpW
GetEnvironmentVariableW
lstrcmpiW
lstrlenA
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
LoadLibraryA
ExitProcess
lstrcatW
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetModuleHandleW
GetProcAddress
GetStartupInfoA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
free
memcpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memset
_wcsnicmp
strncmp
wcsncmp
malloc
memmove
_wtol
_purecall

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/Trend_Micro/Ti_1770_win_en_Tool_UninstallTool_hfb0003.exe
.exe windows:4 windows x86 arch:x86

d84d991d25f1d024e6888428c049c5f2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:8a:a2:ad:87:a1:7b:3d:48:a1:19:b4:71:b7:0a:32
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

25/10/2022, 23:59

Subject

SERIALNUMBER=23310837,CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Da’an District,ST=Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:4f:1f:a5:4f:b1:7b:1b:53:b3:ca:ea:d6:ed:51:46:e8:0c:5e:ee:e6:b0:d5:bd:f6:86:f7:19:b9:52:80:a7
Signer

Actual PE Digest

48:4f:1f:a5:4f:b1:7b:1b:53:b3:ca:ea:d6:ed:51:46:e8:0c:5e:ee:e6:b0:d5:bd:f6:86:f7:19:b9:52:80:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FormatMessageA
DeleteFileA
MulDiv
IsDBCSLeadByte
GetExitCodeProcess
CreateProcessA
GetTempFileNameA
GetSystemDefaultLCID
WaitForSingleObject
CompareStringA
Sleep
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
RemoveDirectoryA
FindNextFileA
WritePrivateProfileSectionA
GetStartupInfoA
WriteFile
ReadFile
SetFileAttributesA
LocalFree
LocalAlloc
LockResource
LoadResource
FindResourceA
SizeofResource
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetDiskFreeSpaceA
HeapAlloc
GetProcessHeap
HeapFree
lstrcpynA
ExitProcess
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateDirectoryA
SetFilePointer
GetFileSize
FindClose
GetLastError
FindFirstFileA
lstrlenA
GetFileAttributesA
GetPrivateProfileStringA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
GetTempPathA
lstrcpyA
GetPrivateProfileSectionA
LoadLibraryA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
FlushFileBuffers
IsBadCodePtr
CloseHandle
SetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetVersion
GetCommandLineA
RtlUnwind
IsBadReadPtr

user32

SetFocus
PostMessageA
GetDlgItem
SendDlgItemMessageA
GetParent
GetDC
LoadImageA
MessageBoxA
wsprintfA
CheckRadioButton
EnableWindow
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
SetDlgItemTextA
ReleaseDC
GetWindowLongA
SetWindowTextA
CharNextA
GetDesktopWindow
GetWindowTextA
GetWindow
DestroyWindow
CreateDialogParamA
GetSysColor
GetSysColorBrush
FillRect
BeginPaint
DrawTextA
EndPaint
GetClientRect
ScreenToClient
MoveWindow
SetParent
MapDialogRect
GetNextDlgTabItem
GetWindowRect
CreateDialogIndirectParamA
IsWindow
InvalidateRect
IsWindowEnabled
ShowWindow
UpdateWindow
IsDialogMessageA
SetWindowPos
GetActiveWindow
SetActiveWindow
SetWindowLongA
LoadStringA
LoadIconA
DispatchMessageA
SendMessageA
TranslateMessage
PeekMessageA

gdi32

CreateFontIndirectA
RealizePalette
SelectPalette
CreatePalette
GetObjectA
GetStockObject
CreateDIBitmap
GetTextExtentPointA
SelectObject
EnumFontFamiliesExA
DeleteDC
BitBlt
TextOutA
SetBkMode
SetBkColor
CreateCompatibleDC
CreateSolidBrush
SetTextColor
DeleteObject
GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

lz32

LZOpenFileA
LZCopy
LZClose

comctl32

ord17

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/TrustPort/tpremove.exe
.exe windows:4 windows x86 arch:x86

ad6f51a6f221f35ce0be333f796fa71d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:aa:40:8a:98:62:28:41:ca:04:f2:97:b4:32:05:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/03/2011, 00:00

Not After

08/04/2012, 23:59

Subject

CN=TrustPort,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustPort,L=Brno,ST=Morava,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:7d:03:50:98:3e:81:c4:2a:09:be:23:73:3f:44:c2:a2:9f:d3:72
Signer

Actual PE Digest

2f:7d:03:50:98:3e:81:c4:2a:09:be:23:73:3f:44:c2:a2:9f:d3:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\project\rebels6\export\release\tpremove.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
SetErrorMode
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RtlUnwind
SetStdHandle
GetFileType
RaiseException
ExitThread
CreateThread
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
InitializeCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
lstrlenA
InterlockedIncrement
GetFileTime
FileTimeToLocalFileTime
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetModuleHandleA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
InterlockedDecrement
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
WideCharToMultiByte
GetVersion
GetLongPathNameW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetSystemTimeAsFileTime
MultiByteToWideChar
WritePrivateProfileStringW
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
MulDiv
lstrlenW
DeviceIoControl
CreateFileW
GetPrivateProfileStringW
SetFileAttributesW
SetLastError
GetTempPathW
LoadLibraryW
GetSystemDirectoryW
FreeLibrary
VirtualQuery
GetDriveTypeW
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileExW
DeleteFileW
FindFirstFileW
GetWindowsDirectoryW
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
LocalAlloc
GetCurrentProcess
CloseHandle
Sleep
GetLastError
GetEnvironmentStrings

user32

DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
SetCursor
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
UnregisterClassA
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DrawTextExW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
PostThreadMessageW
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GrayStringW
ClientToScreen
GetWindowDC
CharUpperW
GetSysColorBrush
GetSubMenu
EndPaint
LoadCursorW
DestroyMenu
UnregisterClassW
GetDlgItem
IsRectEmpty
CopyAcceleratorTableW
BeginPaint
GetAsyncKeyState
OffsetRect
GetCursorPos
SystemParametersInfoW
FillRect
DispatchMessageW
PeekMessageW
LoadImageW
DrawIconEx
DestroyIcon
RedrawWindow
CopyRect
GetParent
ReleaseDC
GetDC
InflateRect
GetSysColor
SetWindowLongW
IsWindow
IsWindowVisible
GetClientRect
LoadBitmapW
SetRect
CharLowerW
MessageBoxW
EnableWindow
InvalidateRect
LoadIconW
GetWindowRect
SendMessageW
FindWindowW
PostMessageW
CharNextW
CallNextHookEx

gdi32

DeleteDC
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetStockObject
DeleteObject
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

EqualSid
OpenServiceW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegFlushKey
RegCreateKeyExW
RegDeleteValueW
FreeSid
OpenSCManagerW
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
DeleteService
CloseServiceHandle
StartServiceW
QueryServiceStatus
ControlService

shell32

SHFileOperationW
SHGetSpecialFolderPathW

comctl32

ord17
InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
SHDeleteKeyW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

VariantChangeType
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
VariantInit

setupapi

SetupDiOpenDeviceInfoW
SetupDiOpenClassRegKey
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
CM_Get_Parent
CM_Get_Device_IDW
SetupDiGetDeviceRegistryPropertyW

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/TrustPort/tpremove.zip
.zip
tpremove.exe
.exe windows:4 windows x86 arch:x86

ad6f51a6f221f35ce0be333f796fa71d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:aa:40:8a:98:62:28:41:ca:04:f2:97:b4:32:05:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/03/2011, 00:00

Not After

08/04/2012, 23:59

Subject

CN=TrustPort,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustPort,L=Brno,ST=Morava,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:7d:03:50:98:3e:81:c4:2a:09:be:23:73:3f:44:c2:a2:9f:d3:72
Signer

Actual PE Digest

2f:7d:03:50:98:3e:81:c4:2a:09:be:23:73:3f:44:c2:a2:9f:d3:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\project\rebels6\export\release\tpremove.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
SetErrorMode
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RtlUnwind
SetStdHandle
GetFileType
RaiseException
ExitThread
CreateThread
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
InitializeCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
lstrlenA
InterlockedIncrement
GetFileTime
FileTimeToLocalFileTime
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetModuleHandleA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
InterlockedDecrement
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
WideCharToMultiByte
GetVersion
GetLongPathNameW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetSystemTimeAsFileTime
MultiByteToWideChar
WritePrivateProfileStringW
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
MulDiv
lstrlenW
DeviceIoControl
CreateFileW
GetPrivateProfileStringW
SetFileAttributesW
SetLastError
GetTempPathW
LoadLibraryW
GetSystemDirectoryW
FreeLibrary
VirtualQuery
GetDriveTypeW
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileExW
DeleteFileW
FindFirstFileW
GetWindowsDirectoryW
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
LocalAlloc
GetCurrentProcess
CloseHandle
Sleep
GetLastError
GetEnvironmentStrings

user32

DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
SetCursor
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
UnregisterClassA
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DrawTextExW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
PostThreadMessageW
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GrayStringW
ClientToScreen
GetWindowDC
CharUpperW
GetSysColorBrush
GetSubMenu
EndPaint
LoadCursorW
DestroyMenu
UnregisterClassW
GetDlgItem
IsRectEmpty
CopyAcceleratorTableW
BeginPaint
GetAsyncKeyState
OffsetRect
GetCursorPos
SystemParametersInfoW
FillRect
DispatchMessageW
PeekMessageW
LoadImageW
DrawIconEx
DestroyIcon
RedrawWindow
CopyRect
GetParent
ReleaseDC
GetDC
InflateRect
GetSysColor
SetWindowLongW
IsWindow
IsWindowVisible
GetClientRect
LoadBitmapW
SetRect
CharLowerW
MessageBoxW
EnableWindow
InvalidateRect
LoadIconW
GetWindowRect
SendMessageW
FindWindowW
PostMessageW
CharNextW
CallNextHookEx

gdi32

DeleteDC
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetStockObject
DeleteObject
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

EqualSid
OpenServiceW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegFlushKey
RegCreateKeyExW
RegDeleteValueW
FreeSid
OpenSCManagerW
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
DeleteService
CloseServiceHandle
StartServiceW
QueryServiceStatus
ControlService

shell32

SHFileOperationW
SHGetSpecialFolderPathW

comctl32

ord17
InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
SHDeleteKeyW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

VariantChangeType
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
VariantInit

setupapi

SetupDiOpenDeviceInfoW
SetupDiOpenClassRegKey
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
CM_Get_Parent
CM_Get_Device_IDW
SetupDiGetDeviceRegistryPropertyW

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/Vipre/VipreRemovalTool.exe
.exe windows:5 windows x86 arch:x86

50610e34092d6ce13e51e7c9d5197081

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:61:cc:41:8d:5c:76:d1:5f:55:d1:f8:8d:2b:c6:d6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/02/2023, 00:00

Not After

20/02/2025, 23:59

Subject

SERIALNUMBER=P94000001869,CN=ThreatTrack Security\, Inc.,O=ThreatTrack Security\, Inc.,L=Clearwater,ST=Florida,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307466c6f72696461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:88:69:69:bb:9f:03:88:35:d5:4e:a4:5e:a2:4d:66:86:c9:9e:ab:17:bb:05:89:92:3f:79:db:86:85:50:b7
Signer

Actual PE Digest

2e:88:69:69:bb:9f:03:88:35:d5:4e:a4:5e:a2:4d:66:86:c9:9e:ab:17:bb:05:89:92:3f:79:db:86:85:50:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
GetProcAddress
DosDateTimeToFileTime
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
GetModuleFileNameW
SetEnvironmentVariableA
GetCommandLineA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
SetLastError
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
lstrcmpiA

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
DispatchMessageA
DestroyWindow
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
TranslateMessage

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/Webroot/WRCleanupTool.exe
.exe windows:4 windows x86 arch:x86

e64235228e9bd78a7edeb9d1cdff1c57

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:93:28:f4:a1:ae:00:a2:1e:71:a0:40:99:61:5f:01
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

20/01/2012, 23:59

Subject

CN=Webroot Software\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Webroot Software\, Inc.,L=Boulder,ST=Colorado,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:b8:4b:7d:98:d1:15:be:82:4d:13:14:71:08:a1:3e:09:1a:df:8d
Signer

Actual PE Digest

49:b8:4b:7d:98:d1:15:be:82:4d:13:14:71:08:a1:3e:09:1a:df:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
GetUserNameA
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMessageW
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
lstrcmpiA
lstrcatA
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryA
ResumeThread
ResetEvent
RemoveDirectoryA
ReleaseMutex
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OpenProcess
OpenFileMappingA
OpenEventW
OpenEventA
MultiByteToWideChar
MulDiv
MoveFileExA
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetSystemTime
GetSystemDirectoryA
GetStdHandle
GetShortPathNameA
GetProfileStringA
GetProcAddress
GetPrivateProfileStringA
GetPriorityClass
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCommandLineA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteCriticalSection
CreateThread
CreateRemoteThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Beep
RtlUnwind
Sleep
GetVersionExA

gdi32

UnrealizeObject
TextOutA
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextFaceA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExcludeClipRect
EndPage
EndDoc
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CreatePen
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateFontA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID
CoTaskMemFree
StringFromCLSID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteExA
ShellExecuteA
SHFileOperationA

comdlg32

PrintDlgA
GetSaveFileNameA

wsock32

WSACleanup
WSAStartup
gethostbyname
socket
sendto
send
select
recvfrom
recv
inet_addr
htons
connect
closesocket
bind

winspool.drv

OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

shfolder

SHGetFolderPathA

winmm

timeGetTime

Exports

Exports

madTraceProcess

Sections

.text
Size: 917KB - Virtual size: 917KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 272B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/WinPatrol/winpatrolremove.exe
.exe windows:5 windows x86 arch:x86

202143909a226dd5ed487851ba43bc07

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:98:85:5d:8f:38:19:c2:e1:8d:e5:a6:5f:7a:d3:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/05/2011, 00:00

Not After

09/06/2012, 23:59

Subject

CN=BillP Studios,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BillP Studios,L=Scotia,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BillP Studios\WinPatrol Professional\WinPatrol Admin\Release\WinPatrol Admin.pdb

Imports

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses

comctl32

PropertySheetA
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ord17
ord6

winmm

PlaySoundA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

kernel32

LoadLibraryA
GetVersionExA
GetFileSize
OpenFile
MoveFileExA
GlobalLock
_lclose
GetTickCount
GlobalAlloc
GetFileAttributesA
FileTimeToSystemTime
ReadFile
GetSystemDirectoryA
GetEnvironmentVariableA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
GetLastError
RemoveDirectoryA
SetFileAttributesA
GlobalFree
WritePrivateProfileStringA
GetProfileStringA
GetModuleFileNameA
GetFileTime
FileTimeToLocalFileTime
DeleteFileA
GetExitCodeProcess
TerminateProcess
GetTempPathA
MoveFileA
SetFilePointer
GlobalMemoryStatus
lstrcatA
GetPrivateProfileStringA
SetErrorMode
Sleep
ExpandEnvironmentStringsA
WriteProfileStringA
WideCharToMultiByte
lstrcmpiA
SearchPathA
MultiByteToWideChar
CopyFileA
GetCurrentProcess
GetModuleHandleA
GetConsoleCP
WriteFile
GetProcAddress
LeaveCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
ExitProcess
LCMapStringW
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetConsoleMode
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
HeapReAlloc
SetStdHandle
WriteConsoleW
HeapSize
CreateFileW
CreateFileA
FindNextFileA
FindClose
FindFirstFileA
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
CloseHandle
lstrcpyA
EnterCriticalSection
GetLocalTime
GetWindowsDirectoryA
WinExec
CreateProcessA
FlushFileBuffers

user32

IsWindowEnabled
GetClientRect
ChildWindowFromPoint
GetWindowTextA
GetPropA
GetWindowLongA
DestroyWindow
PostQuitMessage
LoadBitmapA
DrawTextA
GetClassNameA
GetWindowThreadProcessId
SetWindowLongA
LoadCursorA
wsprintfA
SetCursor
SetDlgItemTextA
MessageBoxExA
DialogBoxParamA
CreateWindowExA
DefWindowProcA
RegisterClassA
GetDlgItemInt
GetWindowRect
MapDialogRect
SendDlgItemMessageA
LoadIconA
RemovePropA
FindWindowExA
SetFocus
GetDC
SetPropA
TrackPopupMenuEx
BringWindowToTop
ReleaseDC
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
AppendMenuA
IsWindow
DeferWindowPos
BeginDeferWindowPos
UpdateWindow
EnableWindow
CallWindowProcA
GetDlgItemTextA
EndDeferWindowPos
GetSystemMetrics
SendMessageA
GetDlgItem
InvalidateRect
PostMessageA
LoadStringA
SetForegroundWindow
EndDialog
SetWindowTextA
FindWindowA
GetParent

gdi32

SetBkMode
SelectObject
CreateFontA
GetStockObject
GetDeviceCaps
SetTextColor

comdlg32

GetOpenFileNameA

advapi32

RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
GetUserNameA
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
OpenSCManagerA
ControlService
QueryServiceStatusEx
GetServiceDisplayNameA
GetServiceKeyNameA
RegEnumValueA
RegQueryInfoKeyA

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA
ExtractIconA

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/ZoneAlarm/CLEAN.exe
.exe windows:6 windows x86 arch:x86

1f2f969a5761630dedd90d5b211b3ffd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:78:92:33:00:81:b3:a0:06:3f:a6:19:b9:53:9b:76
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/11/2021, 00:00

Not After

26/11/2024, 23:59

Subject

CN=Check Point Software Technologies Ltd.,O=Check Point Software Technologies Ltd.,L=Tel Aviv-Yafo,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:ae:d4:9d:75:e1:dc:e2:64:e7:41:d7:18:ba:14:dc:1e:2d:0b:3f:ac:ee:3b:1c:ab:32:56:04:ae:df:dd:60
Signer

Actual PE Digest

1f:ae:d4:9d:75:e1:dc:e2:64:e7:41:d7:18:ba:14:dc:1e:2d:0b:3f:ac:ee:3b:1c:ab:32:56:04:ae:df:dd:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\ckp\src\ZA_InstallZML\ZA_May2020_Int_Deploy\CMpub\release\Win32\ReleaseU\Header.pdb

Imports

shell32

SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
SHGetKnownFolderPath
SHCreateDirectoryExW

shlwapi

PathIsDirectoryW
PathFindFileNameA
PathFileExistsA
PathFindOnPathW
PathFileExistsW
PathFindFileNameW

kernel32

GetFileAttributesW
OutputDebugStringW
GetSystemDirectoryW
InitializeCriticalSection
ExpandEnvironmentStringsW
SetLastError
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
FormatMessageW
VerSetConditionMask
GetWindowsDirectoryW
GetSystemWow64DirectoryW
VerifyVersionInfoW
GetFileSize
MoveFileExW
FindNextFileW
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObject
GetLocalTime
GetCommandLineW
LocalFree
MoveFileW
GetCurrentProcess
FindFirstFileW
CreateDirectoryA
DeleteFileA
ReadFile
DeleteFileW
WriteFile
TerminateProcess
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetDllDirectoryW
RemoveDirectoryW
CreateProcessW
GetExitCodeProcess
SetFilePointer
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetProcAddress
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
CopyFileW
GetModuleFileNameW
ExitProcess
CreateMutexW
ReleaseMutex
GetLastError
CloseHandle
SetCurrentDirectoryW
FormatMessageA
RtlUnwind
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
SetEnvironmentVariableW
SetEnvironmentVariableA
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
SetEndOfFile
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
FlushFileBuffers
GetFileType
GetStdHandle
SetFileAttributesA
EnumSystemLocalesW
IsValidLocale
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LoadLibraryA
GetStringTypeExW
GetUserDefaultLCID
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
SetEvent
GetACP

user32

CloseDesktop
MessageBoxW
LoadStringW
UnregisterClassW
CreateDialogParamW
CreateDesktopW
SetWindowTextW
SetTimer
GetDlgItem
SetWindowLongW
UpdateWindow
DestroyWindow
ShowWindow

advapi32

GetSecurityDescriptorDacl
RegCreateKeyExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetFileSecurityW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

ole32

CoTaskMemFree

oleaut32

VariantCopy
VariantInit
SysAllocString
SysFreeString
VariantClear

Exports

Exports

?get_lock@singleton_module@serialization@boost@@CAAA_NXZ
?is_locked@singleton_module@serialization@boost@@SA_NXZ
?lock@?1??get_lock@singleton_module@serialization@boost@@CAAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@SAXXZ
?unlock@singleton_module@serialization@boost@@SAXXZ

Sections

.text
Size: 789KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/eScan/esremove.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:23:21:67:48:21:27:16:6f:72:67:c7:50:36:99:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2015, 00:00

Not After

22/04/2018, 23:59

Subject

CN=MicroWorld Technologies Inc.,O=MicroWorld Technologies Inc.,L=Detroit,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d6:b9:a1:9e:ae:ec:e1:e0:d3:bb:35:89:ed:ec:9e:0b:d4:36:9b
Signer

Actual PE Digest

21:d6:b9:a1:9e:ae:ec:e1:e0:d3:bb:35:89:ed:ec:9e:0b:d4:36:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 385KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1004KB - Virtual size: 1003KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 891KB - Virtual size: 890KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 512B - Virtual size: 12B

6422a67cf7280810e405c78e2e395213

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fcCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

38:b1:7a:d4:6a:56:e9:16:d6:fa:b0:bb:cb:33:ff:21:b9:64:7a:fe:74:05:0c:4d:cb:30:88:dc:34:bf:7d:54Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwmapi

ntdll

kernel32

rpcrt4

Exports

Exports

Sections

.text Size: 970KB - Virtual size: 969KB

.rdata Size: 338KB - Virtual size: 338KB

.data Size: 19KB - Virtual size: 32KB

.didat Size: 1024B - Virtual size: 556B

.rsrc Size: 130KB - Virtual size: 129KB

.reloc Size: 46KB - Virtual size: 45KB

8288bc24217ec6df0d64dee781471659

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

10:f4:43:d7:45:35:40:b1:28:17:f6:b7:f5:ac:57:b1Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

10:f4:43:d7:45:35:40:b1:28:17:f6:b7:f5:ac:57:b1Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ab:02:05:ee:d1:b7:1b:70:77:8e:0b:0e:a5:00:5b:0a:6b:c6:39:20:d9:30:ea:75:b0:18:32:1e:5f:ab:bd:23Signer

24:9c:46:99:81:c5:3b:14:4c:22:f2:da:12:74:9b:30:c9:57:20:b3Signer

Headers

.text
Size: 891KB - Virtual size: 890KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 12B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

38:b1:7a:d4:6a:56:e9:16:d6:fa:b0:bb:cb:33:ff:21:b9:64:7a:fe:74:05:0c:4d:cb:30:88:dc:34:bf:7d:54
Signer

.text
Size: 970KB - Virtual size: 969KB

.rdata
Size: 338KB - Virtual size: 338KB

.data
Size: 19KB - Virtual size: 32KB

.didat
Size: 1024B - Virtual size: 556B

.rsrc
Size: 130KB - Virtual size: 129KB

.reloc
Size: 46KB - Virtual size: 45KB

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

10:f4:43:d7:45:35:40:b1:28:17:f6:b7:f5:ac:57:b1
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

10:f4:43:d7:45:35:40:b1:28:17:f6:b7:f5:ac:57:b1
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ab:02:05:ee:d1:b7:1b:70:77:8e:0b:0e:a5:00:5b:0a:6b:c6:39:20:d9:30:ea:75:b0:18:32:1e:5f:ab:bd:23
Signer

24:9c:46:99:81:c5:3b:14:4c:22:f2:da:12:74:9b:30:c9:57:20:b3
Signer

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 230KB - Virtual size: 272KB

.rsrc
Size: 856KB - Virtual size: 856KB

.reloc
Size: 339KB - Virtual size: 339KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

2a:e0:2d:a9:9a:93:b5:7d:07:e8:3c:52:37:d1:6d:fc:58:b7:69:2d:74:51:04:d5:4d:d7:86:55:81:60:7c:62
Signer

.text
Size: 970KB - Virtual size: 969KB

.rdata
Size: 338KB - Virtual size: 338KB

.data
Size: 19KB - Virtual size: 32KB

.didat
Size: 1024B - Virtual size: 556B

.rsrc
Size: 94KB - Virtual size: 94KB

.reloc
Size: 46KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

76:ba:94:23:dd:bc:e7:b1:45:a9:5f:01:ee:01:5f:17
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9f:00:0c:51:67:6e:02:81:99:37:b3:2f:e3:93:b0:0c:3c:48:39:34
Signer