bc0bfb87dff4a19a65cc511006c3740a7b972d9cfa724a2933f5f9c511370374

Sharing

Copy URL Twitter E-mail

General

Target

bc0bfb87dff4a19a65cc511006c3740a7b972d9cfa724a2933f5f9c511370374
Size

7.5MB
MD5

8fd354d8c0261fc9bddb58582a28dce4
SHA1

fcaf2a9d042b296a2062f8d62325899763eadbf6
SHA256

bc0bfb87dff4a19a65cc511006c3740a7b972d9cfa724a2933f5f9c511370374
SHA512

6943beaf00f0201a54149b093f2b791cbf28c2014af28b89efff6923337e6bec0453ac633ea7f2df69625f7ef69e1f25e1ee930bb46a547ae1ea820a8b4b5fa5
SSDEEP

196608:slrLIDUcFkGbr5NxeQux5yCzS4/BmKR0Xwuc:shI4cFVbcQO5yC+MRwO

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
bc0bfb87dff4a19a65cc511006c3740a7b972d9cfa724a2933f5f9c511370374
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/LockedList.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack004/$PLUGINSDIR/LockedList.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsDialogs.dll
unpack004/$PLUGINSDIR/nsExec.dll

Files

bc0bfb87dff4a19a65cc511006c3740a7b972d9cfa724a2933f5f9c511370374
.exe windows:4 windows x86 arch:x86

14b0fecbed4a918c9c5c5d940cc1045e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
lstrcmpiA
WriteFile
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
GlobalLock
GlobalUnlock
CreateThread
WideCharToMultiByte
lstrcpynW
GetDiskFreeSpaceW
SetErrorMode
GetVersionExW
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetCommandLineW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetModuleFileNameW
GetFileSize
GetCurrentProcess
GetTickCount
Sleep
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/Kontur.Plugin.IE.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0ee376d666cfaa07607517e709a265fe

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:ba:c3:9e:a5:05:96:2a:a1:4a:2c:bc:e4:43:76:70:8e:42:18:ad:fb:d7:1a:7b:4c:48:e6:c9:71:b2:c0:2c
Signer

Actual PE Digest

25:ba:c3:9e:a5:05:96:2a:a1:4a:2c:bc:e4:43:76:70:8e:42:18:ad:fb:d7:1a:7b:4c:48:e6:c9:71:b2:c0:2c

Digest Algorithm

sha256

PE Digest Matches

true

90:22:45:3f:d0:47:e7:d0:ad:0f:d0:48:c0:e7:92:60:50:66:6f:02
Signer

Actual PE Digest

90:22:45:3f:d0:47:e7:d0:ad:0f:d0:48:c0:e7:92:60:50:66:6f:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\Kontur.Plugin.IE.pdb

Imports

ws2_32

freeaddrinfo
getaddrinfo
__WSAFDIsSet
ioctlsocket
listen
htonl
select
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv
closesocket
WSAGetLastError
accept

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wintrust

WinVerifyTrust

kernel32

SetEvent
WaitForSingleObject
WaitForMultipleObjects
WriteFile
ReadFile
CloseHandle
ConnectNamedPipe
CreateEventA
CreateProcessW
CreateNamedPipeA
GetCurrentProcess
GetCurrentThreadId
GetFileSizeEx
SetFilePointerEx
GetSystemTime
LoadLibraryA
CreateFileW
FreeResource
LockResource
MulDiv
FindResourceExA
GetACP
IsValidCodePage
GetCPInfo
IsDBCSLeadByteEx
WideCharToMultiByte
GlobalFree
FlushFileBuffers
SetEndOfFile
GetModuleHandleA
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTimeZoneInformation
GetShortPathNameW
GetFileAttributesExW
DeleteFileW
ReplaceFileW
GetProcessTimes
GetCommandLineW
GetVersionExW
GetOverlappedResult
InitializeCriticalSection
SleepEx
GetSystemDirectoryA
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
Sleep
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
LoadResource
ReadConsoleW
GetConsoleMode
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileType
SetStdHandle
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
FormatMessageA
LocalFree
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SetLastError
SizeofResource
TlsAlloc
CreateEventW
GetNativeSystemInfo
GetExitCodeThread
VerifyVersionInfoW
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcAddress
FreeLibrary
DecodePointer
EncodePointer
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFullPathNameA
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetConsoleCtrlHandler
WriteConsoleW
OutputDebugStringA
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetConsoleCP
RtlCaptureStackBackTrace
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
FormatMessageW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileInformationByHandle
VirtualFree

user32

GetUserObjectInformationA
GetProcessWindowStation
GetWindowTextA
ReleaseDC
GetWindowDC
GetDC
DialogBoxIndirectParamA
GetWindowRect
GetClientRect
SetWindowTextA
GetSystemMetrics
EndPaint
BeginPaint
GetForegroundWindow
GetDlgItem
EndDialog
SetWindowPos
MoveWindow
SendMessageA
wsprintfW
LoadStringW
PostMessageW
DestroyWindow
InvalidateRect
RegisterClassExW
DefWindowProcW
CharNextW
UnregisterClassW
CreateWindowExW

gdi32

GetObjectA
GetTextExtentPoint32A
GetDeviceCaps
CreateFontA
CreateDIBitmap
SetTextColor
SelectObject
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
CreateCompatibleDC
BitBlt

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
ProgIDFromCLSID

oleaut32

SetErrorInfo
LoadRegTypeLi
SysAllocStringLen
VariantClear
VariantInit
CreateErrorInfo
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
UnRegisterTypeLi

advapi32

ConvertSidToStringSidW
RegOverridePredefKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
DuplicateToken
AccessCheck
OpenProcessToken
MapGenericMask
GetFileSecurityW
RegEnumKeyW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
IsValidSid
GetTokenInformation
RegQueryValueExW
RegEnumValueW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/addons/kontur.plugin.service.control.exe
.exe windows:5 windows x86 arch:x86

ee9161c8d7ca9e2ce304800c97258dde

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b7:75:21:c3:99:fa:a0:b0:d0:8f:13:fa:1c:25:e9:d1:ef:df:58:16:eb:8a:8b:e0:66:7e:b1:6f:dc:5e:e6:ae
Signer

Actual PE Digest

b7:75:21:c3:99:fa:a0:b0:d0:8f:13:fa:1c:25:e9:d1:ef:df:58:16:eb:8a:8b:e0:66:7e:b1:6f:dc:5e:e6:ae

Digest Algorithm

sha256

PE Digest Matches

true

8d:39:50:a3:90:d7:09:c0:cb:2a:f6:c2:8b:00:f4:ac:df:1d:03:cd
Signer

Actual PE Digest

8d:39:50:a3:90:d7:09:c0:cb:2a:f6:c2:8b:00:f4:ac:df:1d:03:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\kontur.plugin.service.control.pdb

Imports

kernel32

GetFileAttributesExW
GetCurrentProcessId
GetModuleFileNameW
GetCommandLineW
GetVersionExW
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
FindNextFileA
FindFirstFileExA
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetModuleHandleA
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
GetCPInfo
GetACP
IsValidCodePage
LoadLibraryA
GetProcAddress
CreateFileA
CloseHandle
ReadFile
WriteFile
SetStdHandle
FormatMessageA
GetTickCount
Sleep
GetLastError
LocalFree
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
GetFileInformationByHandle
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
CreateDirectoryW
FindClose
FindFirstFileExW
GetFileAttributesW
GetTempPathW
AreFileApisANSI
SetLastError
GetModuleHandleW
QueryPerformanceCounter
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RaiseException
RtlUnwind
GetFileType
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetFileSecurityW
MapGenericMask
OpenProcessToken
AccessCheck
DuplicateToken
StartServiceA
QueryServiceStatusEx
OpenServiceW
OpenSCManagerA
ControlService
CloseServiceHandle

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/kontur.plugin.assistant.exe
.exe windows:5 windows x86 arch:x86

fd1a5cda163c8e548472fd3dfa8c6290

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:70:e6:6c:73:35:1d:4c:c9:f2:fe:b7:71:f2:19:e6:29:3b:1e:d0:ec:5d:fb:a2:87:1c:cd:64:4d:11:79:37
Signer

Actual PE Digest

7e:70:e6:6c:73:35:1d:4c:c9:f2:fe:b7:71:f2:19:e6:29:3b:1e:d0:ec:5d:fb:a2:87:1c:cd:64:4d:11:79:37

Digest Algorithm

sha256

PE Digest Matches

true

6e:a5:db:2b:05:49:50:a2:a8:1d:fc:13:9e:2e:dd:97:0d:99:0b:0b
Signer

Actual PE Digest

6e:a5:db:2b:05:49:50:a2:a8:1d:fc:13:9e:2e:dd:97:0d:99:0b:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\kontur.plugin.assistant.pdb

Imports

ws2_32

getaddrinfo
WSAGetLastError
closesocket
freeaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpOpen
WinHttpGetProxyForUrl

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
SetUnhandledExceptionFilter
CloseHandle
LocalFree
GetLastError
FormatMessageA
CreateEventW
SetErrorMode
FreeLibrary
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSizeEx
ReadFile
SetFilePointerEx
GetSystemTime
LoadLibraryA
CreateFileW
GlobalFree
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleFileNameA
GetSystemDirectoryA
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObject
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetTimeZoneInformation
GetProcessTimes
GetModuleFileNameW
GetCommandLineW
GetVersionExW
GetFileAttributesExW
DeleteFileW
ReplaceFileW
GetSystemInfo
VerifyVersionInfoW
WriteFile
FlushFileBuffers
SetEndOfFile
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
SetStdHandle
GetModuleHandleA
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
SleepEx
FormatMessageW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
GetTempPathW
AreFileApisANSI
GetModuleHandleW
CopyFileW
MoveFileExW
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
EncodePointer
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect

user32

wsprintfW
GetSystemMetrics

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree

advapi32

CryptHashData
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetFileSecurityW
MapGenericMask
OpenProcessToken
AccessCheck
DuplicateToken

Sections

.text
Size: 973KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/kontur.plugin.host.exe
.exe windows:5 windows x86 arch:x86

3d2cdff2ec72434a90bade88bea653f2

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:09:b4:60:13:32:74:de:96:a9:b1:56:5c:20:1f:fd:08:5a:66:53:1f:86:1c:6f:9f:49:ec:55:67:d1:da:5a
Signer

Actual PE Digest

d3:09:b4:60:13:32:74:de:96:a9:b1:56:5c:20:1f:fd:08:5a:66:53:1f:86:1c:6f:9f:49:ec:55:67:d1:da:5a

Digest Algorithm

sha256

PE Digest Matches

true

56:8d:6b:f5:69:4f:1e:e8:93:cb:5b:1f:f5:1d:00:46:d8:eb:c2:4f
Signer

Actual PE Digest

56:8d:6b:f5:69:4f:1e:e8:93:cb:5b:1f:f5:1d:00:46:d8:eb:c2:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\kontur.plugin.host.pdb

Imports

cryptui

CryptUIDlgViewCertificateA
CryptUIDlgSelectCertificateFromStore

ws2_32

htons
connect
setsockopt
getsockopt
getsockname
bind
send
freeaddrinfo
recv
getpeername
closesocket
WSAGetLastError
select
ntohs
socket
WSAIoctl
getaddrinfo
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSASetLastError

crypt32

CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertOpenStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertVerifyCertificateChainPolicy
CryptVerifyMessageSignature
CryptQueryObject
CryptImportPublicKeyInfo
CryptMsgGetParam
CryptMsgClose
CertAlgIdToOID
CryptExportPublicKeyInfo
CryptDecodeObject
CryptEncodeObject
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertCreateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
CertGetCertificateChain
CertAddCertificateContextToStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertFindExtension
CryptSignAndEncodeCertificate

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetDefaultProxyConfiguration

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wintrust

WinVerifyTrust

winscard

g_rgSCardT1Pci
SCardEstablishContext
SCardReleaseContext
SCardConnectA
SCardDisconnect
SCardTransmit
g_rgSCardT0Pci

mpr

WNetGetUniversalNameW
WNetAddConnection3W

kernel32

GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetFileSizeEx
SetFilePointerEx
GetSystemTime
LoadLibraryA
CreateFileW
MultiByteToWideChar
Sleep
GetTickCount
GetACP
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
FreeResource
LockResource
LoadResource
MulDiv
FindResourceExA
LocalAlloc
LoadLibraryW
GlobalFree
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetTimeZoneInformation
GetSystemInfo
VerifyVersionInfoW
FormatMessageA
GetSystemDirectoryW
GetProcessTimes
GetModuleFileNameW
GetCommandLineW
GetVersionExW
FreeLibrary
GetFileAttributesExW
DeleteFileW
ReplaceFileW
FlushFileBuffers
SetEndOfFile
IsValidCodePage
GetCPInfo
IsDBCSLeadByteEx
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
IsProcessorFeaturePresent
GetModuleHandleExW
QueueUserWorkItem
EncodePointer
CopyFileW
GetModuleHandleW
SetErrorMode
CreateNamedPipeA
CreateProcessW
CreateEventA
ConnectNamedPipe
CloseHandle
ReadFile
WriteFile
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetOverlappedResult
TerminateProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
GetShortPathNameW
AreFileApisANSI
GetTempPathW
RemoveDirectoryW
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
TryEnterCriticalSection
SetStdHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LocalFree
DecodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetConsoleMode
ReadConsoleW
GetConsoleCP
VirtualQuery
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
ExitProcess
GetModuleFileNameA
GetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
HeapReAlloc
HeapSize
FindFirstFileExA
FindNextFileA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
GetModuleHandleA
GetEnvironmentVariableW
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread

user32

GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
SendMessageW
GetWindowTextA
ReleaseDC
GetWindowDC
GetDC
DialogBoxIndirectParamA
SetWindowTextA
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
IsWindowEnabled
EnableWindow
GetKeyState
SetFocus
GetDlgItem
EndDialog
SetWindowPos
MoveWindow
ShowWindow
SendMessageA
wsprintfW
SetForegroundWindow
GetForegroundWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
PostQuitMessage
DefWindowProcW
PostMessageW

gdi32

GetObjectA
GetTextExtentPoint32A
GetDeviceCaps
CreateFontA
CreateDIBitmap
SetTextColor
SelectObject
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
CreateCompatibleDC
BitBlt

shell32

SHGetPathFromIDListW
ShellExecuteExW
SHBrowseForFolderW
SHCreateItemFromParsingName
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CLSIDFromProgID
CoUninitialize

oleaut32

SysAllocString
VariantClear

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptCreateHash
CryptSetHashParam
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
IsValidSid
GetTokenInformation
CryptDecrypt
CryptEncrypt
CryptGenRandom
CryptDuplicateKey
CryptExportKey
CryptSetKeyParam
CryptVerifySignatureA
CryptSignHashA
CryptAcquireContextA
CryptHashData
CryptGetHashParam
CryptContextAddRef
CloseServiceHandle
ControlService
OpenSCManagerA
OpenServiceW
QueryServiceStatusEx
StartServiceA
DuplicateToken
AccessCheck
OpenProcessToken
MapGenericMask
GetFileSecurityW
CryptAcquireContextW
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptEnumProvidersW
CryptGenKey
CryptGetKeyParam
CryptGetUserKey
CryptImportKey
CryptReleaseContext
CryptDestroyKey

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/kontur.updater.exe
.exe windows:4 windows x86 arch:x86

14b0fecbed4a918c9c5c5d940cc1045e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:bb:c7:f3:a2:06:d2:05:20:6f:5b:e9:1b:12:78:15:be:03:d1:7b:2c:ce:dd:ca:44:0e:1c:81:23:4b:2f:bb
Signer

Actual PE Digest

06:bb:c7:f3:a2:06:d2:05:20:6f:5b:e9:1b:12:78:15:be:03:d1:7b:2c:ce:dd:ca:44:0e:1c:81:23:4b:2f:bb

Digest Algorithm

sha256

PE Digest Matches

true

45:b9:2a:45:36:26:c2:61:19:aa:e7:9e:1a:ad:83:cd:40:1b:68:31
Signer

Actual PE Digest

45:b9:2a:45:36:26:c2:61:19:aa:e7:9e:1a:ad:83:cd:40:1b:68:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
lstrcmpiA
WriteFile
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
GlobalLock
GlobalUnlock
CreateThread
WideCharToMultiByte
lstrcpynW
GetDiskFreeSpaceW
SetErrorMode
GetVersionExW
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetCommandLineW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetModuleFileNameW
GetFileSize
GetCurrentProcess
GetTickCount
Sleep
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icon.ico
kontur.updater.exe
.exe windows:5 windows x86 arch:x86

bbd5a226895f6325ae0bfda4631c9ac0

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:df:a2:0b:32:70:98:8d:31:85:0c:2a:11:93:4f:b2:cd:c0:6d:36:02:6a:d8:1a:a4:ba:10:36:c7:bb:a7:ee
Signer

Actual PE Digest

41:df:a2:0b:32:70:98:8d:31:85:0c:2a:11:93:4f:b2:cd:c0:6d:36:02:6a:d8:1a:a4:ba:10:36:c7:bb:a7:ee

Digest Algorithm

sha256

PE Digest Matches

true

38:ae:07:d3:1f:43:d2:6b:da:1e:f1:3d:15:fd:76:4c:11:aa:dc:63
Signer

Actual PE Digest

38:ae:07:d3:1f:43:d2:6b:da:1e:f1:3d:15:fd:76:4c:11:aa:dc:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\buildAgent\work\ce30c20c5b90cdcd\build\build\Release\kontur.updater.pdb

Imports

ws2_32

WSAGetLastError
freeaddrinfo
getaddrinfo
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv
closesocket
select

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetLastError
FormatMessageA
GetACP
GetProcAddress
LoadLibraryA
IsValidCodePage
GetCPInfo
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
VerSetConditionMask
GetSystemInfo
GetModuleHandleA
VerifyVersionInfoW
GetProcessTimes
GetCurrentProcess
GetModuleFileNameW
GetCommandLineW
GetVersionExW
GetShortPathNameW
GetFileAttributesExW
DeleteFileW
ReplaceFileW
CreateMutexW
lstrlenW
GetEnvironmentVariableW
GetSystemDirectoryW
LocalFree
SetUnhandledExceptionFilter
GetCurrentThreadId
GetSystemTime
GetTimeZoneInformation
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetStdHandle
DuplicateHandle
CreateProcessW
GetConsoleWindow
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SleepEx
GetSystemDirectoryA
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
Sleep
MoveFileExA
GetEnvironmentVariableA
VerifyVersionInfoA
CreateFileA
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
GlobalFree
CloseHandle
SetErrorMode
RtlUnwind
SetStdHandle
GetFileType
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
FreeLibrary
FormatMessageW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
GetTempPathW
AreFileApisANSI
GetModuleHandleW
CopyFileW
MoveFileExW
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
EncodePointer
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree

user32

wsprintfW
GetSystemMetrics

shell32

CommandLineToArgvW
SHGetFolderPathW

advapi32

CryptGenRandom
GetTokenInformation
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
OpenProcessToken

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertOpenStore
CertAddCertificateContextToStore
CertFindExtension
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx

Sections

.text
Size: 1010KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstaller.exe
.exe windows:4 windows x86 arch:x86

14b0fecbed4a918c9c5c5d940cc1045e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:16:71:9b:12:2a:3e:8f:14:8b:de:74:72:af:a5:12:07:01:87:3a:d4:39:68:e8:9a:48:05:f6:5f:78:23:53
Signer

Actual PE Digest

42:16:71:9b:12:2a:3e:8f:14:8b:de:74:72:af:a5:12:07:01:87:3a:d4:39:68:e8:9a:48:05:f6:5f:78:23:53

Digest Algorithm

sha256

PE Digest Matches

true

2d:0b:8d:d9:c2:a6:72:c6:3b:b5:a1:ae:fa:1f:e8:d3:88:07:5d:1e
Signer

Actual PE Digest

2d:0b:8d:d9:c2:a6:72:c6:3b:b5:a1:ae:fa:1f:e8:d3:88:07:5d:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
lstrcmpiA
WriteFile
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
GlobalLock
GlobalUnlock
CreateThread
WideCharToMultiByte
lstrcpynW
GetDiskFreeSpaceW
SetErrorMode
GetVersionExW
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetCommandLineW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetModuleFileNameW
GetFileSize
GetCurrentProcess
GetTickCount
Sleep
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/pkcs11/jcPKCS11-2.dll
.dll windows:6 windows x86 arch:x86

d1c3aa7fd31b908fa9586ee1dfd38c76

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:08:79:91:75:51:4b:af:d4:93:6d:e2
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/11/2023, 13:34

Not After

21/12/2026, 13:22

Subject

SERIALNUMBER=1027739490415,CN=ALADDIN R.D. AO,O=ALADDIN R.D. AO,STREET=ul Dokukina\, 16 / str 1 et/pom/kom 7/1/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:92:17:57:ac:2b:af:e4:26:d4:2f:f8:be:9f:3b:e6:e6:3b:b6:9e:a1:23:59:37:62:42:bd:b8:f6:7d:fb:87
Signer

Actual PE Digest

0c:92:17:57:ac:2b:af:e4:26:d4:2f:f8:be:9f:3b:e6:e6:3b:b6:9e:a1:23:59:37:62:42:bd:b8:f6:7d:fb:87

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\home\jenkins\agent\workspace\common_common_jcPKCS11_2.9.0\_bin\x86\RelWithDebInfo\jcPKCS11-2.pdb

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

htonl
htons
ntohs
recv
send
WSASetLastError
WSAGetLastError
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
ioctlsocket
getsockopt
select
ntohl
WSAStartup
WSACleanup
shutdown
socket
setsockopt
connect
closesocket

winscard

SCardControl
SCardReconnect
SCardBeginTransaction
SCardStatusA
SCardTransmit
SCardGetAttrib
g_rgSCardT0Pci
g_rgSCardT1Pci
SCardEstablishContext
SCardReleaseContext
SCardIsValidContext
SCardGetStatusChangeA
SCardCancel
SCardConnectA
SCardDisconnect
SCardListReadersA
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardEndTransaction

kernel32

GetFullPathNameW
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapSize
HeapReAlloc
HeapAlloc
HeapFree
GetModuleFileNameW
GetCommandLineW
GetCommandLineA
QueryPerformanceFrequency
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InterlockedFlushSList
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetLastError
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryA
FreeResource
GetModuleFileNameA
GetModuleHandleExA
LoadResource
LockResource
SizeofResource
FindResourceA
CreateFileA
DeleteFileA
FlushFileBuffers
LockFileEx
ReadFile
GetConsoleCP
UnlockFile
WriteFile
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
SetEvent
ResetEvent
CreateEventA
WaitForMultipleObjects
GetCurrentThreadId
TerminateThread
FormatMessageA
GetWindowsDirectoryA
GetFullPathNameA
GetTempPathA
OutputDebugStringA
GetLocalTime
SetLastError
GetSystemTime
SystemTimeToFileTime
GetStdHandle
GetFileType
GetModuleHandleW
MultiByteToWideChar
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiberEx
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetSystemDirectoryA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
InterlockedPushEntrySList
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileAttributesExW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
SetStdHandle
SetFilePointer
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
CompareStringW
LCMapStringW
WriteConsoleW

user32

IsWindowVisible
GetUserObjectInformationW
GetParent
EnumWindows
MessageBoxW
GetProcessWindowStation
GetWindowThreadProcessId

shell32

SHGetFolderPathA

advapi32

CryptDecrypt
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
DeregisterEventSource
CryptExportKey
CryptGetUserKey
CryptGetProvParam

version

VerQueryValueA

bcrypt

BCryptGenRandom

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
C_jcCtrl
JC_AFT_EnterAndReadPin
JC_AFT_EnterLocalPin
JC_AFT_GetProperties
JC_AFT_GetPublicKey
JC_AFT_GetReaderVersion
JC_AFT_GetSerialNumber
JC_AFT_InitCard
JC_AFT_InitUserPin
JC_AFT_IsCardlessSupported
JC_AFT_ModifyPin
JC_AFT_Personalize
JC_AFT_VerifyPin
JC_AFT_WriteLocalPin
JC_ALO_GetFunctionList
JC_Antifraud
JC_BIO_MANAGER_ChangeResetPIN
JC_BIO_MANAGER_EnrollCancel
JC_BIO_MANAGER_EnrollFinger
JC_BIO_MANAGER_FingersConfigure
JC_BIO_MANAGER_GetAuthCounter
JC_BIO_MANAGER_GetConfig
JC_BIO_MANAGER_ResetBIO
JC_BIO_MANAGER_ResetToFactorySettings
JC_BIO_MANAGER_SetConfig
JC_BIO_MANAGER_SetLimitAuthCounter
JC_BIO_MANAGER_Unlock
JC_CSPContainerExists
JC_CT1_DoTests
JC_CT1_InitPrng
JC_CT1_ReadPinCounters
JC_CT1_SetAttributeValue
JC_CT1_UpgradeVascoFW
JC_CT2_CalcCheckSum
JC_CT2_ChangeSignaturePIN
JC_CT2_GetServiceInformation
JC_CT2_IsPersonalized
JC_CT2_ReadExtInfo
JC_CT2_SetPINPolicy
JC_CT2_SetPUK
JC_CT2_SetSignaturePIN
JC_CheckContainer
JC_Compose_CMS
JC_CreateCertificateRenewal
JC_CreateCertificateRenewal2
JC_CreateCertificateRequest
JC_DSS_Sign
JC_DS_ChangeUserPINByPUK
JC_DS_ReadPinCounters
JC_Decompose_CMS
JC_F2_ChangeSoKey
JC_F2_ClearLog
JC_F2_CreateInitResponse
JC_F2_CreateInitResponse_V2
JC_F2_CreateMountResponse
JC_F2_CreateMountResponseSW
JC_F2_CreateMountResponse_V2
JC_F2_CreateOfflineMountResponse
JC_F2_Deinit
JC_F2_EnableISORewrite
JC_F2_Format
JC_F2_GetDescription
JC_F2_GetExtendedInfo
JC_F2_GetInitChallenge
JC_F2_GetInitChallenge_V2
JC_F2_GetLogSizes
JC_F2_GetLoggingInfo
JC_F2_GetMountChallenge
JC_F2_GetMountChallenge_V2
JC_F2_GetOfflineMountChallenge
JC_F2_GetOwnerInfo
JC_F2_GetSerialNumber
JC_F2_InitAdminToken
JC_F2_InitPartitionKey
JC_F2_InitUserToken
JC_F2_InitUserToken_V2
JC_F2_MountPrivateDisks
JC_F2_ParseBinarySecureLog
JC_F2_ParseSecureLog
JC_F2_ReadCCIDLog
JC_F2_ReadNSDLog
JC_F2_ReadSecureLog
JC_F2_RestoreState
JC_F2_SetAuthorizationKey
JC_F2_SetDescription
JC_F2_SetISOSizes
JC_F2_SetLifeCycle
JC_F2_SetOwnerInfo
JC_F2_SetPINPolicy
JC_F2_SetPUK
JC_F2_StartLogging
JC_F2_StopLogging
JC_F2_UmountPrivateDisks
JC_F2_UnlockHiddenPartition
JC_F2_UpdateFirmwareFinal
JC_F2_UpdateFirmwareInit
JC_F2_UpdateFirmwareWrite
JC_F2_WriteISOAdmin
JC_F2_WriteISOUser
JC_F2_WriteISOUser_V2
JC_F2_WriteLogMessage
JC_F2_WriteSecureLog
JC_Finalize
JC_GetFunctionList
JC_GetISD
JC_GetReaderProperties
JC_GetReaderPropertiesEx
JC_GetTokenInfo
JC_GetVersionInfo
JC_JC3_AppManagerGetSystemInfo
JC_JC3_GetConfigAppletData
JC_JC3_GetConfigAppletParam
JC_JC3_GetConfigAppletSettings
JC_JC3_SetConfigAppletSettings
JC_JCR_GetReaderProperties
JC_JCR_GetReaderPropertiesEx
JC_JCR_WaitForFingerPut
JC_KT2_CalcCheckSum
JC_KT2_ChangeSignaturePIN
JC_KT2_CreateUnlockChallenge
JC_KT2_CreateUnlockResponse
JC_KT2_GetTimeoutUnlockInfo
JC_KT2_InitToken
JC_KT2_IsPersonalized
JC_KT2_ReadExtInfo
JC_KT2_SetSignaturePIN
JC_KT2_SetTimeoutUnlockInfo
JC_KT2_UnlockWithResponse
JC_KT2_UnlockWithTimeout
JC_KeyParametersFromCert
JC_PJ_ChangeAppletKey
JC_PJ_GetCapabilities
JC_PJ_GetInitParams
JC_PJ_GetPinCounters
JC_PJ_GetUserPinPolicy
JC_PJ_InitPIN
JC_PJ_InitToken
JC_PJ_IsPinObsolete
JC_PJ_SetUserPinPolicy
JC_PJ_SetUserPinToBeChanged
JC_PJ_Unlock
JC_PJ_UnlockInit
JC_PKI_BIO_DeleteFinger
JC_PKI_BIO_EnrollPinWithResponse
JC_PKI_BIO_GetBioTicket
JC_PKI_BIO_GetFingerIndexes
JC_PKI_BIO_GetFingerPublicData
JC_PKI_BIO_GetSupported
JC_PKI_BIO_GetSupportedEx
JC_PKI_BIO_SetFingerData
JC_PKI_BIO_SetLibrary
JC_PKI_GetChallenge
JC_PKI_GetComplexity
JC_PKI_GetPINInfo
JC_PKI_GetPinPolicy
JC_PKI_ReadPinCounters
JC_PKI_SetComplexity
JC_PKI_SetPinPolicy
JC_PKI_SetUserPinToBeChanged
JC_PKI_SetUserPinWithResponse
JC_PKI_UnlockUserPIN
JC_PKI_UnlockUserPinWithResponse
JC_PKI_WipeCard
JC_SD_GetMountPoint
JC_SD_SetMountPoint
JC_SE_GetFunctionList
JC_SL_ReadPassword
JC_SL_WritePassword
JC_SWYX_Display
JC_SWYX_Start
JC_SWYX_StartEx
JC_SWYX_Stop
JC_SW_Digest
JC_SW_DigestFinal
JC_SW_DigestInit
JC_SW_DigestUpdate
JC_SW_EncryptDecrypt
JC_SW_EncryptDecryptFinal
JC_SW_EncryptDecryptInit
JC_SW_EncryptDecryptUpdate
JC_SetLabel
JC_SetLog
JC_SetNotificationCallback
JC_VT_IsVirtual
JC_VT_LoadContainer
JC_VT_UnloadContainer
JC_WP_ReadExtInfo
JC_WP_ReadProductionInfo
JC_WP_ReadValue
JC_WaitForSlotEvent
JC_deprecated_0
JC_deprecated_1
JC_deprecated_6
JC_iOS_GetDevFirmwareHardware
JC_iOS_GetLibVersion
TLSCloseConnection
TLSDecodeData
TLSEncodeData
TLSEstablishConnectionBegin
TLSEstablishConnectionContinue
TLSGetPeerCertificate
TLSGetPeerPublicKeyValue
cadesBesCoSign
cadesBesParse
cadesBesSign
cadesBesSignEx
certVerify
checkCertSignature
createCSR
createCSREx
freeBuffer
genCert
genCertEx
getCertificateAttribute
getCertificateInfo
getCertificateInfoEx
lmChangeKey
lmCheckLicensingAppletPresence
lmCreateLicense
lmDeleteLicense
lmFreeBuffer
lmGetProductList
lmGetVendorList
lmLock
lmReadLicense
lmWriteKey
pkcs7Parse
pkcs7ParseEx
pkcs7Sign
pkcs7SignEx
pkcs7TrustedVerifyHW
pkcs7Verify
pkcs7VerifyHW
useHardwareHash
verifyReq
verifyReqEx

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/pkcs11/jckt2.dll
.dll windows:6 windows x86 arch:x86

36d4c377ffd85b3a797f4c451bd057ed

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:08:79:91:75:51:4b:af:d4:93:6d:e2
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/11/2023, 13:34

Not After

21/12/2026, 13:22

Subject

SERIALNUMBER=1027739490415,CN=ALADDIN R.D. AO,O=ALADDIN R.D. AO,STREET=ul Dokukina\, 16 / str 1 et/pom/kom 7/1/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:45:88:b9:e9:71:b7:67:1a:b0:a2:62:9a:41:1b:ad:7f:95:f1:08:d8:9b:49:bd:a9:25:32:b3:a1:a3:a7:e1
Signer

Actual PE Digest

e3:45:88:b9:e9:71:b7:67:1a:b0:a2:62:9a:41:1b:ad:7f:95:f1:08:d8:9b:49:bd:a9:25:32:b3:a1:a3:a7:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

vcruntime140

memcpy
memmove
__std_type_info_destroy_list
_except_handler4_common
memset

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_initterm_e
_seh_filter_dll
_configure_narrow_argv

Exports

Exports

KT2Process

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/pkcs11/jckt2.txt
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/pkcs11/jcverify.exe
.exe windows:6 windows x86 arch:x86

13008af082d0dbedaa962fd42bacca00

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:55:34:7e:d5:63:79:5e:23:de:db:ab
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20/11/2020, 13:22

Not After

21/11/2023, 13:22

Subject

SERIALNUMBER=1027739490415,CN=ALADDIN R.D. AO,O=ALADDIN R.D. AO,STREET=Dokukina street\, 16 / building 1 floor/room/room 7/1/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:34:9f:f3:63:2d:cb:48:8c:d9:b9:29:41:e4:06:93:5b:f4:10:69:75:91:8b:5f:17:38:44:17:37:db:f8:23
Signer

Actual PE Digest

39:34:9f:f3:63:2d:cb:48:8c:d9:b9:29:41:e4:06:93:5b:f4:10:69:75:91:8b:5f:17:38:44:17:37:db:f8:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

winscard

g_rgSCardT1Pci
g_rgSCardT0Pci
SCardTransmit
SCardEndTransaction
SCardBeginTransaction
SCardDisconnect
SCardConnectA
SCardListReadersA
SCardReleaseContext
SCardEstablishContext

kernel32

DecodePointer
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
CreateFileW
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
CloseHandle
ReadFile
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetFileSizeEx
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/pkcs11/jcverify.txt
$LOCALAPPDATA/SkbKontur/Plugin/4.6.0.855/pkcs11/plugin.rtpkcs11ecp.dll
.dll windows:6 windows x86 arch:x86

04b3624ca43a3ceb05fafcc38c4d4474

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:e2:c3:50:6b:60:19:36:fc:8f:d3:fa
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2022, 07:33

Not After

17/11/2024, 09:34

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Joint-Stock Company,O=Aktiv-Soft Joint-Stock Company,STREET=Sharikopodshipnikovskaya st.\, 1 floor 4 room IX room 11,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:e2:c3:50:6b:60:19:36:fc:8f:d3:fa
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2022, 07:33

Not After

17/11/2024, 09:34

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Joint-Stock Company,O=Aktiv-Soft Joint-Stock Company,STREET=Sharikopodshipnikovskaya st.\, 1 floor 4 room IX room 11,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:25:16:cb:66:a2:e1:d0:35:df:29:92:98:41:ab:91:8e:a8:e2:cd:9c:97:f7:77:29:23:ae:a9:f6:5a:63:20
Signer

Actual PE Digest

59:25:16:cb:66:a2:e1:d0:35:df:29:92:98:41:ab:91:8e:a8:e2:cd:9c:97:f7:77:29:23:ae:a9:f6:5a:63:20

Digest Algorithm

sha256

PE Digest Matches

true

0e:52:86:75:dc:00:68:51:3f:f6:e3:5a:ec:03:66:5e:78:0d:14:79
Signer

Actual PE Digest

0e:52:86:75:dc:00:68:51:3f:f6:e3:5a:ec:03:66:5e:78:0d:14:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winscard

SCardCancel
SCardDisconnect
SCardIsValidContext
SCardTransmit
SCardStatusW
SCardEndTransaction
SCardReconnect
SCardBeginTransaction
SCardGetStatusChangeW
SCardConnectW
SCardReleaseContext
SCardEstablishContext
g_rgSCardT1Pci
g_rgSCardRawPci
g_rgSCardT0Pci
SCardReleaseStartedEvent
SCardAccessStartedEvent
SCardFreeMemory
SCardListReadersW

crypt32

CryptProtectData
CryptUnprotectData
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

kernel32

CreateEventW
CloseHandle
WaitForMultipleObjects
SetEvent
GetCurrentProcess
GetCurrentThread
DuplicateHandle
OpenMutexW
OpenFileMappingW
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
InitializeCriticalSectionEx
GetLastError
DecodePointer
DeleteCriticalSection
LocalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
Sleep
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetACP
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
GetConsoleOutputCP
ReadConsoleA
ReadConsoleW
CreateMutexW
LoadLibraryA
FreeLibrary
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
QueryPerformanceFrequency
GetExitCodeThread
GetStringTypeW
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetEndOfFile
EncodePointer
LCMapStringEx
GetCPInfo
OutputDebugStringW
RaiseException
FlushFileBuffers
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetConsoleMode
SleepConditionVariableSRW
LCMapStringW
CompareStringW
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
HeapFree
HeapAlloc

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
IsTextUnicode
GetTokenInformation
OpenProcessToken
OpenThreadToken

bcrypt

BCryptGenRandom

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_EX_ChangeVolumeAttributes
C_EX_CreateCSR
C_EX_FormatDrive
C_EX_FreeBuffer
C_EX_GenerateActivationPassword
C_EX_GetCertificateInfoText
C_EX_GetDriveSize
C_EX_GetFunctionListExtended
C_EX_GetJournal
C_EX_GetLicense
C_EX_GetTokenInfoExtended
C_EX_GetTokenName
C_EX_GetVolumesInfo
C_EX_InitToken
C_EX_LoadActivationKey
C_EX_PKCS7Sign
C_EX_PKCS7Verify
C_EX_PKCS7VerifyFinal
C_EX_PKCS7VerifyInit
C_EX_PKCS7VerifyUpdate
C_EX_SetActivationPassword
C_EX_SetLicense
C_EX_SetLocalPIN
C_EX_SetTokenName
C_EX_SignInvisible
C_EX_SignInvisibleInit
C_EX_SlotManage
C_EX_Stub
C_EX_TokenManage
C_EX_UnblockUserPIN
C_EX_UnwrapKey
C_EX_WrapKey
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/SkbKontur/Plugin/ff_manifest.json
$LOCALAPPDATA/SkbKontur/Plugin/manifest.json
$PLUGINSDIR/LockedList.dll
.dll windows:5 windows x86 arch:x86

e68e7ec0ca04b3c03f32af2b2809bbc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\tools\locked-list\Plugins\x86-unicode\LockedList.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCurrentProcess
lstrlenW
TerminateProcess
GetModuleFileNameW
WaitForMultipleObjects
WaitForSingleObject
LocalAlloc
CreateFileW
OpenProcess
GetExitCodeThread
Sleep
GetLastError
lstrcatW
GlobalAlloc
GlobalFree
CloseHandle
CreateThread
LocalFree
GetCurrentProcessId
GetModuleHandleW
lstrcpyW
lstrcmpiW
lstrcmpW
lstrcpynW
MultiByteToWideChar
WideCharToMultiByte
QueryDosDeviceW
DuplicateHandle
GetVersion
CreateEventW
SetEvent
TerminateThread
LoadLibraryW
ResetEvent
GetProcAddress
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
DecodePointer
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
WriteConsoleW
GetStringTypeW
InterlockedFlushSList
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind

user32

GetMessageW
CreateDialogParamW
CharLowerW
PostMessageW
GetWindowRect
SendMessageTimeoutW
DestroyWindow
SetWindowPos
MessageBoxW
SetActiveWindow
CreateWindowExW
ScreenToClient
SendMessageW
GetSystemMetrics
SetWindowTextW
CreatePopupMenu
MsgWaitForMultipleObjects
TrackPopupMenu
ShowWindow
IsWindow
GetWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
CloseClipboard
EmptyClipboard
PeekMessageW
MapWindowPoints
MoveWindow
DestroyMenu
TranslateMessage
GetClassNameW
SetClipboardData
SetCursor
wsprintfW
SetWindowLongW
GetClientRect
GetDlgItem
AppendMenuW
LoadImageW
SetCursorPos
GetCursorPos
EnableWindow
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
GetWindowLongW
OpenClipboard
CallWindowProcW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteExW
ExtractIconExW

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
CloseProcess
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icon.ico
uninstaller.exe
.exe windows:4 windows x86 arch:x86

14b0fecbed4a918c9c5c5d940cc1045e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:f0:e5:80:cd:2f:26:44:f0:1a:2a:79:2d:11:c8:56:5e:bf:59:46:b9:b6:d8:04:e9:c5:8d:59:ea:ad:ca:9a
Signer

Actual PE Digest

01:f0:e5:80:cd:2f:26:44:f0:1a:2a:79:2d:11:c8:56:5e:bf:59:46:b9:b6:d8:04:e9:c5:8d:59:ea:ad:ca:9a

Digest Algorithm

sha256

PE Digest Matches

true

1d:96:a5:5b:d3:5b:36:d3:b2:ce:c9:83:b8:c3:86:c0:2b:1c:46:a3
Signer

Actual PE Digest

1d:96:a5:5b:d3:5b:36:d3:b2:ce:c9:83:b8:c3:86:c0:2b:1c:46:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
lstrcmpiA
WriteFile
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
GlobalLock
GlobalUnlock
CreateThread
WideCharToMultiByte
lstrcpynW
GetDiskFreeSpaceW
SetErrorMode
GetVersionExW
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetCommandLineW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetModuleFileNameW
GetFileSize
GetCurrentProcess
GetTickCount
Sleep
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList.dll
.dll windows:5 windows x86 arch:x86

e68e7ec0ca04b3c03f32af2b2809bbc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\tools\locked-list\Plugins\x86-unicode\LockedList.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCurrentProcess
lstrlenW
TerminateProcess
GetModuleFileNameW
WaitForMultipleObjects
WaitForSingleObject
LocalAlloc
CreateFileW
OpenProcess
GetExitCodeThread
Sleep
GetLastError
lstrcatW
GlobalAlloc
GlobalFree
CloseHandle
CreateThread
LocalFree
GetCurrentProcessId
GetModuleHandleW
lstrcpyW
lstrcmpiW
lstrcmpW
lstrcpynW
MultiByteToWideChar
WideCharToMultiByte
QueryDosDeviceW
DuplicateHandle
GetVersion
CreateEventW
SetEvent
TerminateThread
LoadLibraryW
ResetEvent
GetProcAddress
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
DecodePointer
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
WriteConsoleW
GetStringTypeW
InterlockedFlushSList
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind

user32

GetMessageW
CreateDialogParamW
CharLowerW
PostMessageW
GetWindowRect
SendMessageTimeoutW
DestroyWindow
SetWindowPos
MessageBoxW
SetActiveWindow
CreateWindowExW
ScreenToClient
SendMessageW
GetSystemMetrics
SetWindowTextW
CreatePopupMenu
MsgWaitForMultipleObjects
TrackPopupMenu
ShowWindow
IsWindow
GetWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
CloseClipboard
EmptyClipboard
PeekMessageW
MapWindowPoints
MoveWindow
DestroyMenu
TranslateMessage
GetClassNameW
SetClipboardData
SetCursor
wsprintfW
SetWindowLongW
GetClientRect
GetDlgItem
AppendMenuW
LoadImageW
SetCursorPos
GetCursorPos
EnableWindow
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
GetWindowLongW
OpenClipboard
CallWindowProcW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteExW
ExtractIconExW

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
CloseProcess
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14b0fecbed4a918c9c5c5d940cc1045e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 139KB

.ndata Size: - Virtual size: 140KB

.rsrc Size: 23KB - Virtual size: 23KB

0ee376d666cfaa07607517e709a265fe

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

25:ba:c3:9e:a5:05:96:2a:a1:4a:2c:bc:e4:43:76:70:8e:42:18:ad:fb:d7:1a:7b:4c:48:e6:c9:71:b2:c0:2cSigner

90:22:45:3f:d0:47:e7:d0:ad:0f:d0:48:c0:e7:92:60:50:66:6f:02Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winhttp

version

wintrust

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

crypt32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 326KB - Virtual size: 325KB

.data Size: 38KB - Virtual size: 60KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 79KB - Virtual size: 79KB

ee9161c8d7ca9e2ce304800c97258dde

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 139KB

.ndata
Size: - Virtual size: 140KB

.rsrc
Size: 23KB - Virtual size: 23KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

25:ba:c3:9e:a5:05:96:2a:a1:4a:2c:bc:e4:43:76:70:8e:42:18:ad:fb:d7:1a:7b:4c:48:e6:c9:71:b2:c0:2c
Signer

90:22:45:3f:d0:47:e7:d0:ad:0f:d0:48:c0:e7:92:60:50:66:6f:02
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 326KB - Virtual size: 325KB

.data
Size: 38KB - Virtual size: 60KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 79KB - Virtual size: 79KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

b7:75:21:c3:99:fa:a0:b0:d0:8f:13:fa:1c:25:e9:d1:ef:df:58:16:eb:8a:8b:e0:66:7e:b1:6f:dc:5e:e6:ae
Signer

8d:39:50:a3:90:d7:09:c0:cb:2a:f6:c2:8b:00:f4:ac:df:1d:03:cd
Signer

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 17KB - Virtual size: 35KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 23KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

7e:70:e6:6c:73:35:1d:4c:c9:f2:fe:b7:71:f2:19:e6:29:3b:1e:d0:ec:5d:fb:a2:87:1c:cd:64:4d:11:79:37
Signer

6e:a5:db:2b:05:49:50:a2:a8:1d:fc:13:9e:2e:dd:97:0d:99:0b:0b
Signer