Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Overview
overview
7Static
static
7b7035a91ef...18.exe
windows7-x64
7b7035a91ef...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$TEMP/DIFxAPI.dll
windows7-x64
3$TEMP/DIFxAPI.dll
windows10-2004-x64
3$TEMP/casetup32.exe
windows7-x64
3$TEMP/casetup32.exe
windows10-2004-x64
3$TEMP/iprd.dll
windows7-x64
3$TEMP/iprd.dll
windows10-2004-x64
3$TEMP/runtime.msi
windows7-x64
6$TEMP/runtime.msi
windows10-2004-x64
6$TEMP/utilplg.dll
windows7-x64
7$TEMP/utilplg.dll
windows10-2004-x64
72.0.17/agent.exe
windows7-x64
72.0.17/agent.exe
windows10-2004-x64
72.0.17/creport.exe
windows7-x64
72.0.17/creport.exe
windows10-2004-x64
72.0.17/dcf.dll
windows7-x64
72.0.17/dcf.dll
windows10-2004-x64
72.0.17/dcm.dll
windows7-x64
32.0.17/dcm.dll
windows10-2004-x64
32.0.17/det.dll
windows7-x64
32.0.17/det.dll
windows10-2004-x64
32.0.17/dhr.dll
windows7-x64
72.0.17/dhr.dll
windows10-2004-x64
72.0.17/dmz.dll
windows7-x64
72.0.17/dmz.dll
windows10-2004-x64
7Behavioral task
behavioral1
Sample
b7035a91ef98e3361d3e0943b7761abc_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
b7035a91ef98e3361d3e0943b7761abc_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
$TEMP/DIFxAPI.dll
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$TEMP/DIFxAPI.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral11
Sample
$TEMP/casetup32.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral12
Sample
$TEMP/casetup32.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
$TEMP/iprd.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral14
Sample
$TEMP/iprd.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral15
Sample
$TEMP/runtime.msi
Resource
win7-20240708-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral16
Sample
$TEMP/runtime.msi
Resource
win10v2004-20240802-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral17
Sample
$TEMP/utilplg.dll
Resource
win7-20240704-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral18
Sample
$TEMP/utilplg.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral19
Sample
2.0.17/agent.exe
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
2.0.17/agent.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
2.0.17/creport.exe
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral22
Sample
2.0.17/creport.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral23
Sample
2.0.17/dcf.dll
Resource
win7-20240704-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral24
Sample
2.0.17/dcf.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral25
Sample
2.0.17/dcm.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral26
Sample
2.0.17/dcm.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral27
Sample
2.0.17/det.dll
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral28
Sample
2.0.17/det.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral29
Sample
2.0.17/dhr.dll
Resource
win7-20240704-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral30
Sample
2.0.17/dhr.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral31
Sample
2.0.17/dmz.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
General
-
Target
b7035a91ef98e3361d3e0943b7761abc_JaffaCakes118
-
Size
5.3MB
-
MD5
b7035a91ef98e3361d3e0943b7761abc
-
SHA1
9289c724a749bb02c4f0a4384861ab55f724114c
-
SHA256
d5496d4ae2c62d627aba1c04d3ace6c78d93ace1a30864aab773b6fbb7f1435f
-
SHA512
b4270c8f44884f1f7a43f4c1af87cd91275d87ac3198ca493d0d52b3187f38c0c3f0e867a39d1561bddc8bad0c41636f7874ba9f52311073cfbf88dccbb02f1a
-
SSDEEP
98304:5AkpIEj7yZlv+lfVbd0oP/+bcTvJh65NnE6hPfjA8SXBnEgPvwIfXIdRP/FUehw:5AkPI+ldbdtP/+yBh4hj9SX5bPvw6KPC
Score
7/10
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 10 IoCs
Detects file using ACProtect software.
resource yara_rule static1/unpack001/$TEMP/utilplg.dll acprotect static1/unpack001/2.0.17/dcf.dll acprotect static1/unpack001/2.0.17/dmz.dll acprotect static1/unpack001/2.0.17/dqr.dll acprotect static1/unpack001/2.0.17/drs.dll acprotect static1/unpack001/2.0.17/dsl.dll acprotect static1/unpack001/2.0.17/dsp.dll acprotect static1/unpack001/2.0.17/dti.dll acprotect static1/unpack001/2.0.17/dut.dll acprotect static1/unpack001/2.0.17/dxm.dll acprotect -
resource yara_rule static1/unpack001/$TEMP/utilplg.dll upx static1/unpack001/2.0.17/creport.exe upx static1/unpack001/2.0.17/dcf.dll upx static1/unpack001/2.0.17/dmz.dll upx static1/unpack001/2.0.17/dqr.dll upx static1/unpack001/2.0.17/drs.dll upx static1/unpack001/2.0.17/dsl.dll upx static1/unpack001/2.0.17/dsp.dll upx static1/unpack001/2.0.17/dti.dll upx static1/unpack001/2.0.17/dut.dll upx static1/unpack001/2.0.17/dxm.dll upx static1/unpack001/2.0.17/updater.exe upx -
Unsigned PE 20 IoCs
Checks for missing Authenticode signature.
resource b7035a91ef98e3361d3e0943b7761abc_JaffaCakes118 unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/nsDialogs.dll unpack001/$PLUGINSDIR/nsExec.dll unpack002/out.upx unpack003/out.upx unpack004/out.upx unpack005/out.upx unpack006/out.upx unpack001/2.0.17/dre.dll unpack007/out.upx unpack008/out.upx unpack009/out.upx unpack001/tetra/avxdisk.dll unpack001/tetra/driverctrl.exe unpack001/tetra/profos.dll unpack001/tetra/profos.sys unpack001/tetra/setloadorder.exe unpack001/tetra/trufos.dll unpack001/tetra/trufos.sys
Files
-
b7035a91ef98e3361d3e0943b7761abc_JaffaCakes118.exe windows:5 windows x86 arch:x86
b729b61eb1515fcf7b3e511e4e66258b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA
user32
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 409KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 1.7MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:5 windows x86 arch:x86
039bcbc605477e8e87ec550c2e60e748
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary
user32
wsprintfW
ole32
CLSIDFromString
StringFromGUID2
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 963B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/leftblue.bmp
-
$PLUGINSDIR/leftgrey.bmp
-
$PLUGINSDIR/modern-header.bmp
-
$PLUGINSDIR/nsDialogs.dll.dll windows:5 windows x86 arch:x86
9ea5bdc8c90dfcffe309465c26c89758
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree
user32
LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW
gdi32
SetTextColor
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
comdlg32
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
ole32
CoTaskMemFree
Exports
Exports
Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 590B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/nsExec.dll.dll windows:5 windows x86 arch:x86
8700d0ebbb41c81ea52718af1ab70a93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess
user32
CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
Exports
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 454B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/rightblue.bmp
-
$PLUGINSDIR/rightgrey.bmp
-
$PLUGINSDIR/select.bmp
-
$PLUGINSDIR/trialfreefeatures.bmp
-
$PLUGINSDIR/trialplusfeatures.bmp
-
$TEMP/DIFxAPI.dll.dll windows:6 windows x86 arch:x86
c8bb176aa316a8a34b7e7e1439c67e13
Code Sign
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before04/12/2003, 00:00Not After03/12/2008, 23:59SubjectCN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before10/01/1997, 07:00Not After31/12/2020, 07:00SubjectCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before11/10/2005, 21:55Not After26/04/2010, 07:00SubjectCN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:10:c3:52:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/10/2005, 23:24Not After11/01/2007, 23:34SubjectCN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1Signer
Actual PE Digest26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
DIFXAPI.pdb
Imports
ntdll
RtlUnwind
RtlNtStatusToDosError
VerSetConditionMask
kernel32
VerifyVersionInfoW
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
GetSystemDirectoryW
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
GetThreadLocale
WaitForMultipleObjects
InterlockedCompareExchange
SetEvent
CreateEventW
SetEndOfFile
SetLastError
InterlockedExchange
lstrcmpiW
InterlockedDecrement
GetLastError
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsGetValue
user32
UnregisterClassA
CharLowerW
CharPrevW
setupapi
CM_Query_And_Remove_SubTreeW
SetupDiSetDeviceRegistryPropertyW
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Setup_DevNode
SetupDiGetDeviceRegistryPropertyW
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCloseFileQueue
SetupGetLineCountW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetFieldCount
SetupGetIntField
CM_Enumerate_Classes
SetupDiEnumDeviceInfo
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupDiGetClassDevsW
SetupDiOpenClassRegKey
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupGetStringFieldW
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupOpenAppendInfFileW
SetupCopyOEMInfW
SetupTermDefaultQueueCallback
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
RegCloseKey
ole32
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
wintrust
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
crypt32
CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext
Exports
Exports
DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW
Sections
.text Size: 280KB - Virtual size: 279KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/casetup32.exe.exe windows:5 windows x86 arch:x86
5bed6ed7ad45a6e31b4d3350bd86da70
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
c4:b6:06:c0:64:e2:ec:92:48:dc:aa:84:55:e0:d5:02:98:b1:78:ebSigner
Actual PE Digestc4:b6:06:c0:64:e2:ec:92:48:dc:aa:84:55:e0:d5:02:98:b1:78:ebDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Builder\Builds\2.0.17.48\air\2.0.17\agent\Release\casetup32.pdb
Imports
difxapi
DriverPackageUninstallW
DriverPackageInstallW
SetDifxLogCallbackW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
fltlib
FilterFindClose
FilterFindNext
FilterFindFirst
psapi
GetModuleFileNameExW
GetProcessImageFileNameW
kernel32
QueryDosDeviceW
LocalAlloc
ReleaseSemaphore
CreateSemaphoreW
GetVersion
GetFileType
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
FreeLibrary
LocalFree
FormatMessageW
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
IsDebuggerPresent
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetCurrentThreadId
MoveFileExW
SetEvent
OpenEventW
GetCurrentProcessId
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
ReleaseMutex
WaitForSingleObject
CreateMutexW
Process32NextW
CloseHandle
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
Sleep
GetTickCount
FindClose
FindNextFileW
GetLastError
FindFirstFileW
GetSystemDirectoryW
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
SetLastError
user32
MessageBoxA
MessageBoxExW
SetDebugErrorLevel
GetUserObjectInformationW
GetDesktopWindow
GetProcessWindowStation
advapi32
AdjustTokenPrivileges
SetEntriesInAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
SetNamedSecurityInfoW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
DeleteService
QueryServiceStatusEx
StartServiceW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ImpersonateSelf
OpenThreadToken
CreateProcessAsUserW
CreateWellKnownSid
DuplicateTokenEx
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
ControlService
msvcr90
_wtoi
wcsncpy_s
free
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscpy_s
wcscat_s
wcsncat_s
wcsrchr
_wcsicmp
toupper
wprintf
realloc
swprintf_s
_vscwprintf
malloc
fwprintf
_scprintf
_localtime64_s
fflush
_wfopen
_errno
vswprintf_s
vsprintf_s
printf
wcsftime
fprintf
strftime
_scwprintf
_vscprintf
fclose
_time64
wcschr
strchr
tolower
wcsstr
isdigit
fread
_ui64tow_s
memcpy
memset
memchr
__iob_func
strncmp
ferror
fwrite
fopen
_setmode
_fileno
ftell
feof
fseek
fgets
qsort
strtoul
getenv
_vsnprintf
vfprintf
abort
isspace
strncpy
isxdigit
strcmp
fputs
signal
_getch
isupper
sscanf
sprintf
strstr
_wfopen_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_snprintf_s
_itoa_s
_stricmp
_wcsnicmp
_wcslwr
atoi
_wstat64i32
_strdup
strncpy_s
__CxxFrameHandler3
sprintf_s
wintrust
WinVerifyTrust
Sections
.text Size: 239KB - Virtual size: 238KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/facebook.bmp
-
$TEMP/iprd.dll.dll windows:5 windows x86 arch:x86
f13e8315c6037e2f60f543dc9611e0ec
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7e:ba:2d:d1:14:bc:0a:92:23:5b:6e:62:35:89:d4:3b:b4:10:09:3dSigner
Actual PE Digest7e:ba:2d:d1:14:bc:0a:92:23:5b:6e:62:35:89:d4:3b:b4:10:09:3dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\Builds\trunk\common\signed-pe-injection\InjectedPeReader\Release\iprd.pdb
Imports
psapi
GetModuleFileNameExW
GetProcessImageFileNameW
kernel32
FindFirstFileA
GetProcAddress
FindClose
LoadLibraryA
QueryDosDeviceW
CloseHandle
SetLastError
CreateMutexW
Sleep
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThreadId
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetLastError
LocalAlloc
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
MultiByteToWideChar
CreateFileW
ReadFile
GetModuleHandleW
FreeLibrary
FindFirstFileW
WaitForSingleObject
LocalFree
FormatMessageW
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryA
OpenProcess
GetCurrentProcessId
CompareStringA
GetProcessHeap
HeapFree
GetCommandLineA
HeapAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
RaiseException
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
RtlUnwind
SetFilePointer
WriteFile
GetModuleFileNameA
ExitProcess
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetModuleHandleA
SetStdHandle
CreateFileA
HeapSize
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
user32
GetDesktopWindow
SetDebugErrorLevel
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
advapi32
CreateWellKnownSid
SetEntriesInAclW
GetNamedSecurityInfoW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetNamedSecurityInfoW
BuildTrusteeWithSidW
Exports
Exports
caCleanUpConfig
caExtractAffiliate
caExtractAffiliateW
caExtractExistingLicense
caExtractExistingLicenseW
caExtractLicense
caExtractLicenseW
caGetLicenseState
caLogMessage
caLogMessageW
caResetLicenseState
caSetConfig
caSetConfigW
Sections
.text Size: 340KB - Virtual size: 340KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 45KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/runtime.msi.msi
-
$TEMP/twitter.bmp
-
$TEMP/utilplg.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before05/08/2009, 00:00Not After18/08/2010, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
47:60:c1:7e:68:a3:d2:7e:e3:0b:4e:55:de:0d:c2:61:74:d1:92:a1Signer
Actual PE Digest47:60:c1:7e:68:a3:d2:7e:e3:0b:4e:55:de:0d:c2:61:74:d1:92:a1Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
Execute
ExecuteW
VerifyTrust
VerifyTrustW
Sections
UPX0 Size: - Virtual size: 72KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 39KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/agent.exe.exe windows:5 windows x86 arch:x86
02cdd00f68b38364a6e651e3ba1e6db7
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
79:3f:83:9e:0f:eb:d7:f4:71:29:f6:6f:26:d2:0f:cf:d2:d1:32:f9Signer
Actual PE Digest79:3f:83:9e:0f:eb:d7:f4:71:29:f6:6f:26:d2:0f:cf:d2:d1:32:f9Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Builder\Builds\2.0.17.48\air\2.0.17\agent\Release\agent.pdb
Imports
dut
?VerifySignature@Util@@SAHPB_WPAX@Z
?VerifyIssuer@Util@@SAHPB_WPAPB_W@Z
?VerifyAll@Util@@SAHPB_WPA_W@Z
?HexChar@Util@@SAPADPAEK@Z
?error@@YAXPADZZ
?GetOsVersion@Util@@SAKXZ
?RegValueQuery@Util@@SAKPA_W0PAKPAE1@Z
?setDebugLevel@@YAXH@Z
?ConvertStringToWCHAR@Util@@SAPA_WPAD@Z
?ConvertWCHARToString@Util@@SAPADPA_W@Z
?trace_open@@YAHXZ
?IsFileInCatStore@Util@@SAHPB_WPAX@Z
?GetCertHashData@Util@@SAHPB_WPAXPAPB_WPAPAEPAK@Z
?CharHex@Util@@SAPAEPADPAK@Z
?BaseName@Util@@SAPADPAD@Z
?LoadFile@Util@@SAHPB_WPAXPAPAEPAK@Z
dxm
??0XML@@QAE@XZ
?LoadBuffer@XML@@UAEHPAD@Z
?GetW@XML@@UAEPA_WPAD@Z
?GetDword@XML@@UAEKPAD@Z
?GetMany@XML@@UAEPAPADPAD@Z
??1XML@@QAE@XZ
dcf
?AddDword@Config@@UAEHPADKH@Z
?NodeExists@Config@@QAEHPAD0@Z
?AddMany@Config@@UAEHPADPAPADH@Z
?SetDword@Config@@UAEHPADKH@Z
??0Config@@QAE@XZ
??1Config@@QAE@XZ
?GetDword@Config@@UAEKPAD@Z
?Load@Config@@UAEHXZ
?GetW@Config@@UAEPA_WPAD@Z
?ReLoad@Config@@UAEHXZ
?Get@Config@@UAEPADPAD@Z
?Set@Config@@UAEHPAD0H@Z
?Add@Config@@UAEHPAD0H@Z
?Save@Config@@UAEHH@Z
?GetMany@Config@@UAEPAPADPAD@Z
?GetManyW@Config@@UAEPAPA_WPAD@Z
?AddW@Config@@UAEHPADPA_WH@Z
?GetKey@Config@@QAEPAUevp_pkey_st@@PADH@Z
?Delete@Config@@UAEKPADH@Z
?SetW@Config@@UAEHPADPA_WH@Z
?FreeManyW@Config@@UAEXPAPA_W@Z
?Exists@Config@@UAEHPAD@Z
dqr
?QueryLoadW@@YAKPA_W0@Z
?QueryOpen@@YAKGPAPAXPAH@Z
?QueryUpdateHash@@YAKPAXHPAEKEPAD@Z
?QueryGet@@YAKPAXDHPAEK11PAKPAPAD@Z
?QueryException@@YAKPAXHPAEK@Z
?QueryPreGet@@YAKPAXHPAEK11PAKPAPAD@Z
?QueryMultiGet@@YAKPAXHPAEKH1KHH11PAKPAPAD@Z
?QueryConnectivityGet@@YAKPAH@Z
?QueryFalsePositive@@YAKPAXHPAEK@Z
?QueryMultiAssocGet@@YAKPAXHPAEKHPAPAEPAK@Z
?QueryPing@@YAKPAXPAK11PAH@Z
?QueryLicenseRegister@@YAKPAXPAEKPAK21@Z
dti
?PreFullScan@TetraEngineInterface@@QAEHHHH@Z
?BootScan@TetraEngineInterface@@QAEHXZ
?GetDBInfo@TetraEngineInterface@@QAEHPAK0@Z
?GetSyncTetraInstance@@YGKPAX@Z
?GetASynchronousTetraInstance@@YGKPAX@Z
?DeInitScanner@TetraEngineInterface@@QAEHXZ
?DeInit@TetraInterface@@QAEXXZ
?DebugOptions@TetraEngineInterface@@QAEXXZ
?SetOptions@TetraEngineInterface@@QAEHXZ
?ScanFile@TetraEngineInterface@@QAEHPAXPB_W0@Z
?ScanFile@TetraEngineInterface@@QAEHPB_WPAX@Z
?m_config@TetraInterface@@2VConfig@@A
?RootkitScan@TetraEngineInterface@@QAEHPAX@Z
?TetraUpdaterInit@@YGHPAU_TETRA_UPDATER_PARAM@@@Z
dsl
sqlite3_prepare_v2
sqlite3_column_int
sqlite3_close
sqlite3_busy_timeout
sqlite3_finalize
sqlite3_step
sqlite3_errmsg
sqlite3_open_v2
sqlite3_column_text
fltlib
FilterSendMessage
FilterReplyMessage
FilterGetMessage
FilterConnectCommunicationPort
shlwapi
StrStrIA
kernel32
InterlockedCompareExchange
UnhandledExceptionFilter
TerminateProcess
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SetUnhandledExceptionFilter
FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
GetVersion
SetLastError
FormatMessageW
WaitForSingleObjectEx
DeleteFileW
lstrcmpA
LocalFree
lstrcpyW
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
DeviceIoControl
CreateFileW
GetFileAttributesExW
Module32NextW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDriveStringsW
TerminateThread
ReadFile
ResetEvent
IsDebuggerPresent
GetSystemTimeAsFileTime
InterlockedExchange
ConnectNamedPipe
DisconnectNamedPipe
WaitForSingleObject
CreateEventW
CreateThread
GetVersionExW
CreateMutexW
ExitProcess
Sleep
SetProcessWorkingSetSize
GetCurrentProcess
WaitForMultipleObjects
GetModuleFileNameW
SetCurrentDirectoryW
CloseHandle
GetSystemInfo
OpenProcess
GetCurrentProcessId
GetProcessTimes
GetSystemTimes
GetSystemTime
SystemTimeToFileTime
GetFileAttributesW
CreateProcessW
GetTickCount
SetEvent
GetLastError
GetCurrentThread
SetThreadPriority
GetLogicalDriveStringsA
QueryDosDeviceA
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
InterlockedIncrement
GetCurrentThreadId
GetFileSize
DuplicateHandle
CreateFileA
DeleteFileA
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateSemaphoreW
ReleaseSemaphore
WriteFile
GetOverlappedResult
CreateNamedPipeW
user32
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
LoadStringW
wsprintfW
advapi32
DeleteService
RegisterEventSourceA
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
LookupPrivilegeValueW
OpenThreadToken
ImpersonateSelf
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegCloseKey
CreateServiceW
ChangeServiceConfig2W
ControlService
StartServiceW
ReportEventA
DeregisterEventSource
QueryServiceStatus
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
shell32
SHGetFolderPathW
SHGetFolderPathA
ole32
CoInitializeEx
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
SysFreeString
VariantClear
SysAllocString
msvcp90
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
msvcr90
__iob_func
abort
qsort
isdigit
memchr
strncpy
ferror
fflush
_setmode
_fileno
ftell
feof
fseek
fgets
strcmp
isspace
isxdigit
fputs
signal
_getch
isupper
fprintf
vsprintf_s
_scprintf
fopen
atoi
strtok_s
strchr
sscanf
sprintf
memmove
memmove_s
_set_purecall_handler
_snwprintf_s
_set_invalid_parameter_handler
exit
_unlock
__dllonexit
_encode_pointer
_lock
vfprintf
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_CxxThrowException
__set_app_type
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_stat64i32
__CxxFrameHandler3
strrchr
tolower
strftime
rand
_snprintf_s
srand
_wstat64
_localtime64_s
strncmp
??_V@YAXPAX@Z
_wcslwr_s
wcstok
wcsstr
wcschr
realloc
fclose
fread
_wfopen_s
_purecall
_wcsicmp
_vsnprintf
getenv
strtoul
memcpy
fwrite
memset
_errno
_wstat64i32
_wfsopen
strerror_s
_onexit
_vscprintf
free
malloc
strstr
sprintf_s
wcscpy_s
_strdup
_wcsdup
??3@YAXPAX@Z
??2@YAPAXI@Z
swprintf_s
strncpy_s
strcat_s
wcscat_s
strcpy_s
calloc
printf
_time64
_i64toa_s
_ltoa_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
memcpy_s
wcstok_s
_wtoi
swscanf_s
wcsncpy_s
rpcrt4
UuidCreate
UuidToStringW
RpcStringFreeW
psapi
GetModuleFileNameExW
GetProcessMemoryInfo
wintrust
WinVerifyTrust
crypt32
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CertGetNameStringW
CryptDecodeObject
CryptQueryObject
winhttp
WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpWriteData
WinHttpSetCredentials
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpSendRequest
ws2_32
WSAGetLastError
closesocket
WSASetLastError
recv
shutdown
send
Sections
.text Size: 451KB - Virtual size: 451KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 159KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/creport.exe.exe windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
c9:f0:27:a3:d8:f7:0b:7e:d5:5e:39:c5:8d:e2:a4:d3:45:44:92:28Signer
Actual PE Digestc9:f0:27:a3:d8:f7:0b:7e:d5:5e:39:c5:8d:e2:a4:d3:45:44:92:28Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 56KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dcf.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
64:01:d3:0d:2d:e7:98:fa:2a:36:d6:1d:0e:d8:b9:9e:e0:e2:ad:32Signer
Actual PE Digest64:01:d3:0d:2d:e7:98:fa:2a:36:d6:1d:0e:d8:b9:9e:e0:e2:ad:32Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
??0Config@@QAE@ABV0@@Z
??0Config@@QAE@XZ
??1Config@@QAE@XZ
??4Config@@QAEAAV0@ABV0@@Z
??_7Config@@6B@
?Add@Config@@UAEHPAD0H@Z
?AddDword@Config@@UAEHPADKH@Z
?AddMany@Config@@UAEHPADPAPADH@Z
?AddManyW@Config@@UAEHPADPAPA_WH@Z
?AddW@Config@@UAEHPADPA_WH@Z
?ConvertKey@Config@@QAEPAUevp_pkey_st@@PADH@Z
?Delete@Config@@UAEKPADH@Z
?Delete@Config@@UAEKPBD0H@Z
?DeleteW@Config@@UAEKPBDPB_WH@Z
?Exists@Config@@UAEHPAD@Z
?Free@Config@@UAEHXZ
?FreeMany@Config@@UAEXPAPAD@Z
?FreeManyW@Config@@UAEXPAPA_W@Z
?FreeW@Config@@UAEXPA_W@Z
?Get@Config@@UAEPADPAD@Z
?GetDword@Config@@UAEKPAD@Z
?GetFullVersionW@Config@@UAEPA_WXZ
?GetKey@Config@@QAEPAUevp_pkey_st@@PADH@Z
?GetLocal@Config@@UAEPADPAD@Z
?GetMany@Config@@UAEPAPADPAD@Z
?GetManyW@Config@@UAEPAPA_WPAD@Z
?GetPipeSettings@Config@@UAEJPAUpipeSettings@@@Z
?GetW@Config@@UAEPA_WPAD@Z
?Load@Config@@UAEHPA_W0@Z
?Load@Config@@UAEHXZ
?LoadKey@Config@@QAEPAUevp_pkey_st@@PADH@Z
?NodeExists@Config@@QAEHPAD0@Z
?ReLoad@Config@@UAEHXZ
?Refresh@Config@@AAEHXZ
?Save@Config@@UAEHH@Z
?Set@Config@@UAEHPAD0H@Z
?SetDword@Config@@UAEHPADKH@Z
?SetW@Config@@UAEHPADPA_WH@Z
?Store@Config@@AAEHXZ
CreateConfigClassInstance
ReleaseConfigClassInstance
Sections
UPX0 Size: - Virtual size: 272KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 167KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 245KB - Virtual size: 244KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dcm.dll.dll regsvr32 windows:5 windows x86 arch:x86
605cc3a88fa64d0e682679c26712cd37
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0f:f2:27:61:d2:67:db:1f:82:6e:d2:6a:5b:a8:7d:e5:c4:24:48:8aSigner
Actual PE Digest0f:f2:27:61:d2:67:db:1f:82:6e:d2:6a:5b:a8:7d:e5:c4:24:48:8aDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\Builder\Builds\2.0.17.48\air\2.0.17\contextmenu\Release\dcm-1-en-us.pdb
Imports
kernel32
GetProcAddress
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
lstrcpynA
lstrcpynW
WideCharToMultiByte
lstrcpyW
GetOverlappedResult
WaitForSingleObject
WriteFile
CloseHandle
Sleep
lstrcmpiW
CreateEventW
GetCurrentProcessId
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryA
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
MultiByteToWideChar
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
CreateFileW
DisableThreadLibraryCalls
lstrlenA
DebugBreak
IsDebuggerPresent
InterlockedCompareExchange
InterlockedExchange
VirtualQuery
user32
InsertMenuItemW
InsertMenuW
CreatePopupMenu
LoadStringW
CharNextW
LoadImageW
GetSysColor
CopyRect
SetRect
GetSystemMetrics
DrawTextW
gdi32
SetBkColor
ExtTextOutW
GetTextExtentPoint32W
DeleteObject
SetTextColor
advapi32
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
shell32
DragQueryFileW
ole32
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
ReleaseStgMedium
CoCreateInstance
CoTaskMemFree
oleaut32
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
SysStringLen
LoadTypeLi
SysFreeString
VarUI4FromStr
msvcr90
?terminate@@YAXXZ
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
_purecall
memset
memcpy_s
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_CxxThrowException
wcsstr
wcsncpy_s
memcmp
wcscpy_s
wcscat_s
free
_recalloc
malloc
wcslen
memmove_s
_CRT_RTC_INITW
_except_handler4_common
_lock
_unlock
__dllonexit
_encode_pointer
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/det.dll.dll windows:5 windows x86 arch:x86
5606b28555ca071d43dae9883af1b778
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
5d:8c:18:8b:45:61:74:14:b3:d4:7f:66:3f:6f:b9:32:6d:da:36:0fSigner
Actual PE Digest5d:8c:18:8b:45:61:74:14:b3:d4:7f:66:3f:6f:b9:32:6d:da:36:0fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Builder\Builds\2.0.17.48\air\2.0.17\agent\Release\det.pdb
Imports
kernel32
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
msvcr90
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_initterm
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
memmove
printf
qsort
calloc
free
memcpy
memset
Exports
Exports
ethos_destroy
ethos_hash
ethos_hash_unified
ethos_parse
ethos_version
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dhr.dll.dll windows:5 windows x86 arch:x86
fdf70a6a0d855dc6e3aff6e23fa1ff21
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
75:af:b0:a2:b4:3c:71:0c:de:f9:a1:de:74:4c:26:e2:37:52:66:ffSigner
Actual PE Digest75:af:b0:a2:b4:3c:71:0c:de:f9:a1:de:74:4c:26:e2:37:52:66:ffDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Builder\Builds\2.0.17.48\air\2.0.17\agent\Release\dhr.pdb
Imports
winhttp
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle
dcf
?FreeManyW@Config@@UAEXPAPA_W@Z
CreateConfigClassInstance
?GetPipeSettings@Config@@UAEJPAUpipeSettings@@@Z
?Exists@Config@@UAEHPAD@Z
?Free@Config@@UAEHXZ
?Save@Config@@UAEHH@Z
?ReLoad@Config@@UAEHXZ
?Load@Config@@UAEHXZ
?Load@Config@@UAEHPA_W0@Z
?SetDword@Config@@UAEHPADKH@Z
?SetW@Config@@UAEHPADPA_WH@Z
?Set@Config@@UAEHPAD0H@Z
?AddDword@Config@@UAEHPADKH@Z
ReleaseConfigClassInstance
?Add@Config@@UAEHPAD0H@Z
?GetW@Config@@UAEPA_WPAD@Z
?DeleteW@Config@@UAEKPBDPB_WH@Z
?Delete@Config@@UAEKPADH@Z
?Delete@Config@@UAEKPBD0H@Z
?GetDword@Config@@UAEKPAD@Z
?AddManyW@Config@@UAEHPADPAPA_WH@Z
?AddMany@Config@@UAEHPADPAPADH@Z
?AddW@Config@@UAEHPADPA_WH@Z
?FreeMany@Config@@UAEXPAPAD@Z
?FreeW@Config@@UAEXPA_W@Z
?GetFullVersionW@Config@@UAEPA_WXZ
?GetManyW@Config@@UAEPAPA_WPAD@Z
?GetMany@Config@@UAEPAPADPAD@Z
?GetLocal@Config@@UAEPADPAD@Z
?Get@Config@@UAEPADPAD@Z
dut
?error@@YAXPADZZ
?DaclSetBuiltInUsers@Util@@SAHPA_W@Z
?CheckFilePath@Util@@SAHPB_W@Z
?VerifySignature@Util@@SAHPB_WPAX@Z
?error@@YAXPA_WZZ
dxm
??4XML@@QAEAAV0@ABV0@@Z
??0XML@@QAE@ABV0@@Z
ReleaseXMLClassInstance
CreateXMLClassInstance
kernel32
GetLocaleInfoA
HeapSize
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
FlushFileBuffers
ReadFile
GetProcessHeap
SetEndOfFile
SetFilePointer
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStartupInfoA
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
WriteConsoleA
TlsGetValue
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
CompareStringW
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
GetUserDefaultLCID
DeleteFileW
GetLastError
CloseHandle
CreateFileW
WriteFile
GetSystemTimeAsFileTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
FormatMessageW
GetLocaleInfoW
GetConsoleOutputCP
WriteConsoleW
CreateFileA
TlsAlloc
GetModuleHandleA
RtlUnwind
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetProcAddress
GetModuleHandleW
HeapAlloc
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType
advapi32
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
ole32
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysStringByteLen
SysFreeString
SysAllocString
Exports
Exports
??0Config@@QAE@ABV0@@Z
??4Config@@QAEAAV0@ABV0@@Z
??_7Config@@6B@
GetIBannerHttp
GetICommunityHttp
GetINotificationHttp
GetIUpdateHttp
GetIWAIHttp
ReleaseIBannerHttp
ReleaseICommunityHttp
ReleaseINotificationHttp
ReleaseIUpdateHttp
ReleaseIWAIHttp
Sections
.text Size: 253KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 676B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dmz.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
06:97:d1:31:e3:fe:b0:7d:f7:33:57:56:66:1c:48:9c:6b:5f:79:1dSigner
Actual PE Digest06:97:d1:31:e3:fe:b0:7d:f7:33:57:56:66:1c:48:9c:6b:5f:79:1dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
CreateMinizipClassInstance
ReleaseMinizipClassInstance
Sections
UPX0 Size: - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dqr.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
de:57:ba:27:f3:c4:38:ce:51:e0:5d:d7:6f:37:ca:3e:5c:f9:9f:44Signer
Actual PE Digestde:57:ba:27:f3:c4:38:ce:51:e0:5d:d7:6f:37:ca:3e:5c:f9:9f:44Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
?QueryClose@@YAKPAX@Z
?QueryConnectivityGet@@YAKPAH@Z
?QueryConvict@@YAKPAXHPAEKPAD11@Z
?QueryException@@YAKPAXHPAEK@Z
?QueryFalsePositive@@YAKPAXHPAEK@Z
?QueryGet@@YAKPAXDHPAEK11PAKPAPAD@Z
?QueryLicenseRegister@@YAKPAXPAEKPAK21@Z
?QueryLicenseUnregister@@YAKPAXPAEK@Z
?QueryLoadA@@YAKPAD0@Z
?QueryLoadW@@YAKPA_W0@Z
?QueryMultiAssocGet@@YAKPAXHPAEKHPAPAEPAK@Z
?QueryMultiGet@@YAKPAXHPAEKH1KHH11PAKPAPAD@Z
?QueryOpen@@YAKGPAPAXPAH@Z
?QueryPing@@YAKPAXPAK11PAH@Z
?QueryPreGet@@YAKPAXHPAEK11PAKPAPAD@Z
?QueryUnLoad@@YAKXZ
?QueryUpdateHash@@YAKPAXHPAEKEPAD@Z
Sections
UPX0 Size: - Virtual size: 400KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 247KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 370KB - Virtual size: 370KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 131KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dre.dll.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
2.0.17/drh.dll.dll .js windows:5 windows x86 arch:x86 polyglot
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
ef:52:e6:a7:32:ce:d5:7f:9d:ad:e7:57:6e:90:a3:7a:d7:ed:14:71Signer
Actual PE Digestef:52:e6:a7:32:ce:d5:7f:9d:ad:e7:57:6e:90:a3:7a:d7:ed:14:71Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\Builder\Builds\2.0.17.48\air\2.0.17\client\IPTrayProResources\Release\drh-18-en-us.pdb
Sections
.rdata Size: 512B - Virtual size: 142B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
2.0.17/driver/ip/immunetprotect.cat
-
2.0.17/driver/ip/immunetprotect.inf
-
2.0.17/driver/ip/immunetprotect.sys.sys windows:6 windows x86 arch:x86
efa5e162a7aa45d9b4ea27dcbced1286
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
95:50:92:e8:85:29:56:f2:c9:aa:7e:0c:25:1f:f7:7b:a5:30:d8:6dSigner
Actual PE Digest95:50:92:e8:85:29:56:f2:c9:aa:7e:0c:25:1f:f7:7b:a5:30:d8:6dDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\builder\builds\2.0.17.48\air\2.0.17\drivers\fltcksum\objfre_wxp_x86\i386\ImmunetProtect.pdb
Imports
ntoskrnl.exe
KeBugCheckEx
KeTickCount
RtlCopyUnicodeString
IoGetCurrentProcess
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
IoCreateFileSpecifyDeviceObjectHint
RtlPrefixUnicodeString
ObfDereferenceObject
ZwOpenProcess
ObReferenceObjectByHandle
ZwSetSecurityObject
ZwTerminateProcess
ZwQuerySystemInformation
ZwQueryInformationProcess
KeInitializeEvent
_vsnwprintf
RtlCompareUnicodeString
IoFileObjectType
KeQuerySystemTime
KeDelayExecutionThread
RtlUnwind
PsSetCreateProcessNotifyRoutine
RtlInitUnicodeString
ZwDuplicateObject
ZwClose
ZwReadFile
memcpy
MmMapLockedPagesSpecifyCache
ExAllocatePoolWithTag
ExFreePoolWithTag
memset
InterlockedPopEntrySList
PsGetCurrentProcessId
fltmgr.sys
FltSendMessage
FltWriteFile
FltFreePoolAlignedWithTag
FltQuerySecurityObject
FltQueryInformationFile
FltSetInformationFile
FltEnumerateVolumes
FltGetVolumeName
FltGetDeviceObject
FltEnumerateInstances
FltObjectDereference
FltAllocatePoolAlignedWithTag
FltRegisterFilter
FltStartFiltering
FltBuildDefaultSecurityDescriptor
FltReleaseContext
FltSetStreamHandleContext
FltAllocateContext
FltIsDirectory
FltGetStreamHandleContext
FltReadFile
FltReleaseFileNameInformation
FltParseFileNameInformation
FltGetFileNameInformation
FltUnregisterFilter
FltCloseCommunicationPort
FltCloseClientPort
FltFreeSecurityDescriptor
FltCreateCommunicationPort
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 896B - Virtual size: 780B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 768B - Virtual size: 734B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/driver/is/immunetselfprotect.cat
-
2.0.17/driver/is/immunetselfprotect.inf
-
2.0.17/driver/is/immunetselfprotect.sys.sys windows:6 windows x86 arch:x86
71c01c4b00e824867672836587add321
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:04:eb:0a:ad:d9:66:30:3e:f4:b6:99:b5:a9:f4:e1:f0:f7:c6:1eSigner
Actual PE Digest0e:04:eb:0a:ad:d9:66:30:3e:f4:b6:99:b5:a9:f4:e1:f0:f7:c6:1eDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\builder\builds\2.0.17.48\air\2.0.17\drivers\fltprot\objfre_wxp_x86\i386\ImmunetSelfProtect.pdb
Imports
ntoskrnl.exe
KeBugCheckEx
KeTickCount
RtlPrefixUnicodeString
RtlCompareUnicodeString
KeWaitForSingleObject
KeReleaseSemaphore
KeInitializeSemaphore
memcpy
PsSetCreateThreadNotifyRoutine
PsSetLoadImageNotifyRoutine
CmRegisterCallback
PsSetCreateProcessNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsRemoveLoadImageNotifyRoutine
CmUnRegisterCallback
MmGetSystemRoutineAddress
MmUnmapLockedPages
IoAllocateMdl
MmBuildMdlForNonPagedPool
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ObfDereferenceObject
ZwOpenProcess
ObReferenceObjectByHandle
ObQueryNameString
RtlGetVersion
ZwQueryInformationProcess
RtlAppendUnicodeStringToString
KeInitializeEvent
RtlUnwind
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeServiceDescriptorTable
ZwClose
MmIsAddressValid
memset
ExAllocatePoolWithTag
RtlInitUnicodeString
RtlCopyUnicodeString
IoGetCurrentProcess
ExFreePoolWithTag
PsGetCurrentProcessId
hal
KfAcquireSpinLock
KfReleaseSpinLock
fltmgr.sys
FltIsDirectory
FltRegisterFilter
FltStartFiltering
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltCloseClientPort
FltCloseCommunicationPort
FltUnregisterFilter
FltGetDestinationFileNameInformation
FltReleaseFileNameInformation
FltGetFileNameInformation
FltParseFileNameInformation
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 932B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/drs.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
85:54:e1:1f:fc:8a:8e:a4:00:25:3a:88:ed:e0:c0:ec:8f:a1:5c:07Signer
Actual PE Digest85:54:e1:1f:fc:8a:8e:a4:00:25:3a:88:ed:e0:c0:ec:8f:a1:5c:07Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
UPX0 Size: - Virtual size: 188KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 86KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dsl.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
98:b8:7a:89:23:41:29:5e:f6:ad:56:8a:28:02:7b:49:b9:7b:06:40Signer
Actual PE Digest98:b8:7a:89:23:41:29:5e:f6:ad:56:8a:28:02:7b:49:b9:7b:06:40Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
CreateSqliteClassInstance
ReleaseSqliteClassInstance
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
Sections
UPX0 Size: - Virtual size: 332KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 259KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 461KB - Virtual size: 460KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dsp.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2a:a1:50:1f:d3:24:a9:d3:e7:59:23:8a:61:c7:87:9a:e3:4e:82:0dSigner
Actual PE Digest2a:a1:50:1f:d3:24:a9:d3:e7:59:23:8a:61:c7:87:9a:e3:4e:82:0dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
features_checksum
features_extract
features_extract_verify
features_text
init_features_list
Sections
UPX0 Size: - Virtual size: 232KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 286KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 252KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/dti.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
6d:dc:83:1b:0b:04:a1:a6:8e:eb:25:08:f6:63:84:33:d8:3c:fc:8eSigner
Actual PE Digest6d:dc:83:1b:0b:04:a1:a6:8e:eb:25:08:f6:63:84:33:d8:3c:fc:8eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
??0TetraEngineInterface@@QAE@ABV0@@Z
??0TetraEngineInterface@@QAE@XZ
??0TetraInterface@@IAE@XZ
??0TetraUpdateInterface@@QAE@XZ
??1TetraEngineInterface@@QAE@XZ
??1TetraInterface@@IAE@XZ
??1TetraUpdateInterface@@QAE@XZ
??4TetraEngineInterface@@QAEAAV0@ABV0@@Z
??4TetraInterface@@QAEAAV0@ABV0@@Z
??4TetraUpdateInterface@@QAEAAV0@ABV0@@Z
??_7TetraEngineInterface@@6B@
?BootScan@TetraEngineInterface@@QAEHXZ
?CreateCacheFile@TetraInterface@@QAEHPA_W@Z
?DeInit@TetraInterface@@QAEXXZ
?DeInitScanner@TetraEngineInterface@@QAEHXZ
?DebugOptions@TetraEngineInterface@@QAEXXZ
?FullScan@TetraEngineInterface@@QAEHXZ
?GetASynchronousTetraInstance@@YGKPAX@Z
?GetBdCorePath@TetraUpdateInterface@@QAEPA_WPA_W@Z
?GetContext@TetraEngineInterface@@QAEPAXXZ
?GetDBInfo@TetraEngineInterface@@QAEHPAK0@Z
?GetOption@TetraEngineInterface@@QAEPAU_TETRA_OPTIONS@@XZ
?GetPluginDir@TetraUpdateInterface@@QAEPA_WPA_W@Z
?GetQuarantineBaseDir@TetraInterface@@IAEPA_WXZ
?GetSyncTetraInstance@@YGKPAX@Z
?GetTetraBaseDir@TetraInterface@@QAEPA_WXZ
?GetTetraUpdateDir@TetraUpdateInterface@@QAEPA_WXZ
?GetUpdatePath@TetraUpdateInterface@@QAEPA_WXZ
?Init@TetraInterface@@QAEHPB_W0@Z
?InitScanner@TetraEngineInterface@@QAEHP6AXHPB_W0HHH0PAHPAX@ZP6AXH0PA_W12@Z@Z
?LoadFunctionPointers@TetraInterface@@QAEHPA_W@Z
?PathScan@TetraEngineInterface@@QAEHPB_W@Z
?PreFullScan@TetraEngineInterface@@QAEHHHH@Z
?ReadOptions@TetraEngineInterface@@UAEHXZ
?ReadOptions@TetraUpdateInterface@@QAEHXZ
?ReleaseTetraInstance@@YGXPAX@Z
?Reload@TetraInterface@@QAEHPB_W0@Z
?ReloadConfig@TetraInterface@@QAEHXZ
?RootkitScan@TetraEngineInterface@@QAEHPAX@Z
?RootkitScanInternal@TetraEngineInterface@@IAEHPA_WPAX@Z
?ScanFile@TetraEngineInterface@@QAEHPAXPB_W0@Z
?ScanFile@TetraEngineInterface@@QAEHPB_WPAX@Z
?ScanFileInMemory@TetraEngineInterface@@QAEHPB_W@Z
?SetBaseDefDir@TetraUpdateInterface@@QAEXXZ
?SetOptions@TetraEngineInterface@@QAEHXZ
?SetUpdate@TetraEngineInterface@@QAEHXZ
?SetUpdateEvent@TetraInterface@@SAXXZ
?TetraAsyncUpdaterInit@@YGHPAU_TETRA_UPDATER_PARAM@@@Z
?TetraUpdaterDeInit@@YAHXZ
?TetraUpdaterInit@@YGHPAU_TETRA_UPDATER_PARAM@@@Z
?ThreatScanner_CreateInstance@TetraInterface@@1P6AHPAPAUCThreatScannerStruct@@@ZA
?ThreatScanner_CreateInstanceEx@TetraInterface@@1P6AHPAPAUCThreatScannerStruct@@H@ZA
?ThreatScanner_DeleteException@TetraInterface@@1P6AXPAX@ZA
?ThreatScanner_DestroyInstance@TetraInterface@@1P6AHPAUCThreatScannerStruct@@@ZA
?ThreatScanner_EnumerateDatabaseRecords@TetraInterface@@1P6AHPAUCThreatScannerStruct@@P6AXPB_WPAX@Z2@ZA
?ThreatScanner_GetDatabaseInformation@TetraInterface@@1P6AHPAUCThreatScannerStruct@@PAK1@ZA
?ThreatScanner_GetLicenseInformation@TetraInterface@@1P6AHPAUCThreatScannerStruct@@PAK@ZA
?ThreatScanner_GetOption@TetraInterface@@1P6AHPAUCThreatScannerStruct@@HPAX@ZA
?ThreatScanner_GetQuarantine@TetraInterface@@1P6AHPAUCThreatScannerStruct@@PAPAX@ZA
?ThreatScanner_GetVersion@TetraInterface@@1P6AHPAH0@ZA
?ThreatScanner_Initialize@TetraInterface@@1P6AHPB_W0@ZA
?ThreatScanner_InitializeEx@TetraInterface@@1P6AHPB_W0PA_WPAX@ZA
?ThreatScanner_InitializeMemoryScan@TetraInterface@@1P6AHPAUCThreatScannerStruct@@PB_WK@ZA
?ThreatScanner_ScanBuffer@TetraInterface@@1P6AHPAUCThreatScannerStruct@@PAXHKPAKHPAH3PAPB_W@ZA
?ThreatScanner_ScanMemory@TetraInterface@@1P6AHPAUCThreatScannerStruct@@HPAKHPAH2PAPB_W@ZA
?ThreatScanner_ScanObject@TetraInterface@@1P6AHPAUCThreatScannerStruct@@HPB_WHPAH2PAPB_WH1@ZA
?ThreatScanner_ScanObjectByHandle@TetraInterface@@1P6AHPAUCThreatScannerStruct@@PAXPB_WHPAH3PAPB_WH@ZA
?ThreatScanner_ScanPath@TetraInterface@@1P6AHPAUCThreatScannerStruct@@HPB_WH@ZA
?ThreatScanner_ScanStream@TetraInterface@@1P6AHPAUCThreatScannerStruct@@PAUIStream@@HHPAH2PAPB_W@ZA
?ThreatScanner_SetHashCallback@TetraInterface@@1P6AHPAUCThreatScannerStruct@@P6AXPAXPADHQAY0BA@E@Z1@ZA
?ThreatScanner_SetIntOption@TetraInterface@@1P6AHPAUCThreatScannerStruct@@HH@ZA
?ThreatScanner_SetPasswordCallback@TetraInterface@@1P6AHPAUCThreatScannerStruct@@P6AXHPB_WPA_WPAHPAX@Z4@ZA
?ThreatScanner_SetScanCallback2@TetraInterface@@1P6AHPAUCThreatScannerStruct@@P6AXPAU_ScanCbkParams@@PAHPAX@Z3@ZA
?ThreatScanner_SetScanCallback@TetraInterface@@1P6AHPAUCThreatScannerStruct@@P6AXHPB_W1HHH1PAHPAX@Z3@ZA
?ThreatScanner_SetScanPriority@TetraInterface@@1P6AHPAUCThreatScannerStruct@@H@ZA
?ThreatScanner_SetStringOption@TetraInterface@@1P6AHPAUCThreatScannerStruct@@HPB_W@ZA
?ThreatScanner_Uninitialize@TetraInterface@@1P6AHXZA
?ThreatScanner_UninitializeMemoryScan@TetraInterface@@1P6AHPAUCThreatScannerStruct@@@ZA
?UpdateDefDir@TetraUpdateInterface@@QAEXXZ
?WaitUpdateEvent@TetraInterface@@SAXXZ
?count@TetraInterface@@1JC
?m_ConfigLoaded@TetraInterface@@2HA
?m_FuncLoad@TetraInterface@@1HA
?m_UpdateEvent@TetraInterface@@1PAXA
?m_config@TetraInterface@@2VConfig@@A
?m_dwLastLoad@TetraInterface@@2KA
?m_hInitLibEvent@TetraInterface@@1PAXA
?m_hLibrary@TetraInterface@@1PAUHINSTANCE__@@A
?update@TetraUpdateInterface@@QAEHPAX0@Z
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
2.0.17/dut.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
d6:8c:7d:8c:a9:87:ac:68:26:4b:79:4b:a1:36:3c:67:9b:7e:34:dbSigner
Actual PE Digestd6:8c:7d:8c:a9:87:ac:68:26:4b:79:4b:a1:36:3c:67:9b:7e:34:dbDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
??4Util@@QAEAAV0@ABV0@@Z
?BaseName@Util@@SAPADPAD@Z
?CharHex@Util@@SAPAEPADPAK@Z
?CheckFilePath@Util@@SAHPBD@Z
?CheckFilePath@Util@@SAHPB_W@Z
?CheckFolderPath@Util@@SAHPBD@Z
?CheckFolderPath@Util@@SAHPB_W@Z
?ConvertStringToWCHAR@Util@@SAPA_WPAD@Z
?ConvertWCHARToString@Util@@SAPADPA_W@Z
?CopyDirectory@Util@@SAHPB_W0@Z
?CopyFileW@Util@@SAHPB_W0@Z
?DaclSetAuthenticatedUsers@Util@@SAHPA_W@Z
?DaclSetBuiltInUsers@Util@@SAHPA_W@Z
?Execute@Util@@SAHPB_WPA_W0@Z
?FreeMem@Util@@SAXPAX@Z
?GetCertHashData@Util@@SAHPB_WPAXPAPB_WPAPAEPAK@Z
?GetCertInfo@Util@@KAHPB_WPAEKPAX@Z
?GetDriveLetter@Util@@SA_WPB_W@Z
?GetFilePathFromProcessID@Util@@SAHKPB_WK@Z
?GetFuncAddress@Util@@SAPAXPB_W0@Z
?GetOsVersion@Util@@SAKXZ
?GetParentPID@Util@@SAKK@Z
?HexChar@Util@@SAPADPAEK@Z
?IsFileInCatStore@Util@@SAHPB_WPAX@Z
?IsManifestResourcePresent@Util@@SAHPB_W@Z
?LoadFile@Util@@SAHPB_WPAXPAPAEPAK@Z
?LoadFile@Util@@SAHPB_WPAXPAPAEPAKPAPAX@Z
?LogicalToDOSPath@Util@@SAHPB_W0K@Z
?QueryInformationFile@Util@@SAHPAXPAPA_W@Z
?RegKeyOpen@Util@@SAKPAUHKEY__@@PA_WPAPAU2@@Z
?RegSetStringValue@Util@@SAKPA_W00@Z
?RegValueQuery@Util@@SAKPA_W0PAKPAE1@Z
?RunAsDesktopUser@Util@@SAHPB_WPA_W0AAU_STARTUPINFOW@@AAU_PROCESS_INFORMATION@@@Z
?StrConcate@Util@@SAPADHPADZZ
?StrConcateW@Util@@SAPA_WHPA_WZZ
?UnixTimeToFileTime@Util@@SAH_JPAU_FILETIME@@@Z
?VerifyAll@Util@@SAHPB_WPA_W@Z
?VerifyIssuer@Util@@SAHPB_WPAPB_W@Z
?VerifyPID@Util@@SAHK@Z
?VerifySignature@Util@@SAHPB_WPAX@Z
?VerifySubject@Util@@SAHPB_WPA_W@Z
?error@@YAXPADZZ
?error@@YAXPA_WZZ
?setDebugLevel@@YAXH@Z
?trace_close@@YAHXZ
?trace_get_filename@@YAHPA_W@Z
?trace_initialized@@YAHXZ
?trace_open@@YAHPB_W0@Z
?trace_open@@YAHPB_W@Z
?trace_open@@YAHXZ
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
2.0.17/dxm.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3b:99:e2:96:03:7f:1f:28:e8:6f:7b:98:1e:e7:6a:f4:ea:14:dc:1eSigner
Actual PE Digest3b:99:e2:96:03:7f:1f:28:e8:6f:7b:98:1e:e7:6a:f4:ea:14:dc:1eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
??0XML@@QAE@ABV0@@Z
??0XML@@QAE@XZ
??1XML@@QAE@XZ
??4XML@@QAEAAV0@ABV0@@Z
??_7XML@@6B@
?Add@XML@@UAEHPAD0@Z
?AddDword@XML@@UAEHPADK@Z
?AddMany@XML@@UAEHPADPAPAD@Z
?AddManyW@XML@@UAEHPADPAPA_W@Z
?AddW@XML@@UAEHPADPA_W@Z
?Count@XML@@UAEKXZ
?Delete@XML@@QAEKPAD@Z
?Delete@XML@@QAEKPBD0@Z
?DeleteW@XML@@QAEKPBDPB_W@Z
?Free@XML@@UAEHXZ
?FreeMany@XML@@UAEXPAPAD@Z
?FreeManyW@XML@@UAEXPAPA_W@Z
?FreeW@XML@@UAEXPA_W@Z
?Get@XML@@UAEPADPAD@Z
?GetDword@XML@@UAEKPAD@Z
?GetMany@XML@@UAEPAPADPAD@Z
?GetManyW@XML@@UAEPAPA_WPAD@Z
?GetW@XML@@UAEPA_WPAD@Z
?Load@XML@@UAEHPA_W@Z
?LoadBuffer@XML@@UAEHPAD@Z
?NodeExists@XML@@UAEHPAD0@Z
?ParseTag@XML@@UAEPADPAPAD0PAD@Z
?ParseTagEnd@XML@@UAEHPAPADPAD@Z
?Print@XML@@UAEKXZ
?SaveAdvanceTag@XML@@AAEXPAPAD@Z
?SaveFile@XML@@UAEHPA_W@Z
?SaveGetStartEnd@XML@@AAEHPAVXMLItem@@PAPAV2@1PAD@Z
?SaveGetTag@XML@@AAEPADPAD@Z
?SaveNested@XML@@AAEHPAU_iobuf@@PAVXMLItem@@1PADK@Z
?Set@XML@@UAEHPAD0@Z
?SetDword@XML@@UAEHPADK@Z
?Trim@XML@@SAHPAPAD@Z
CreateXMLClassInstance
ReleaseXMLClassInstance
Sections
UPX0 Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
2.0.17/global.xml.wsf
-
2.0.17/ipsupporttool.exe.exe windows:5 windows x86 arch:x86
41f1ea213e0e52c24ab4a6997b501d6f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
79:32:e4:08:af:39:57:f2:29:64:3d:d1:1b:0a:a3:41:83:af:ba:b0Signer
Actual PE Digest79:32:e4:08:af:39:57:f2:29:64:3d:d1:1b:0a:a3:41:83:af:ba:b0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Builder\Builds\2.0.17.48\air\2.0.17\agent\Release\ipsupporttool-1.pdb
Imports
fltlib
FilterFindFirst
FilterFindNext
FilterFindClose
dmz
ReleaseMinizipClassInstance
CreateMinizipClassInstance
kernel32
LoadLibraryW
GetVersionExW
GetTimeZoneInformation
GetTempPathW
GetLastError
GetCurrentDirectoryW
GetProcAddress
FindClose
FindNextFileW
WideCharToMultiByte
FormatMessageW
GetModuleFileNameW
SetLastError
LocalFree
GetUserDefaultLangID
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExpandEnvironmentStringsA
GetModuleHandleW
FindFirstFileExW
GetSystemDefaultLangID
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
InterlockedExchange
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
user32
LoadStringW
advapi32
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
EnumServicesStatusExW
CloseServiceHandle
shell32
SHGetFolderPathW
msvcr90
wcsrchr
__CxxFrameHandler3
wcscat_s
strcat_s
wcscpy_s
_wcsdup
sprintf_s
_scprintf
_localtime64_s
fflush
_wfopen
vsprintf_s
printf
fprintf
strftime
_vscprintf
fclose
_time64
_errno
??3@YAXPAX@Z
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_time32
swprintf_s
realloc
malloc
free
_localtime32_s
memset
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/iptray.exe.exe windows:5 windows x86 arch:x86
a894e7986baba8ff4e0d6a3de24c2c7b
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:6e:c0:fa:72:ee:54:5d:57:7f:c5:10:d2:da:e0:6a:17:06:98:bcSigner
Actual PE Digest7b:6e:c0:fa:72:ee:54:5d:57:7f:c5:10:d2:da:e0:6a:17:06:98:bcDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Builder\Builds\2.0.17.48\air\2.0.17\agent\Release\iptray-1.pdb
Imports
dhr
GetIUpdateHttp
ReleaseINotificationHttp
GetINotificationHttp
GetIBannerHttp
ReleaseICommunityHttp
ReleaseIUpdateHttp
GetICommunityHttp
dut
?GetFilePathFromProcessID@Util@@SAHKPB_WK@Z
?VerifySignature@Util@@SAHPB_WPAX@Z
?error@@YAXPA_WZZ
?error@@YAXPADZZ
?trace_open@@YAHPB_W0@Z
?trace_open@@YAHXZ
?setDebugLevel@@YAXH@Z
?UnixTimeToFileTime@Util@@SAH_JPAU_FILETIME@@@Z
?GetOsVersion@Util@@SAKXZ
?CheckFilePath@Util@@SAHPB_W@Z
?DaclSetBuiltInUsers@Util@@SAHPA_W@Z
dcf
?GetDword@Config@@UAEKPAD@Z
?DeleteW@Config@@UAEKPBDPB_WH@Z
?AddMany@Config@@UAEHPADPAPADH@Z
?GetLocal@Config@@UAEPADPAD@Z
?GetFullVersionW@Config@@UAEPA_WXZ
?FreeW@Config@@UAEXPA_W@Z
CreateConfigClassInstance
ReleaseConfigClassInstance
?GetManyW@Config@@UAEPAPA_WPAD@Z
?FreeManyW@Config@@UAEXPAPA_W@Z
?AddW@Config@@UAEHPADPA_WH@Z
?Save@Config@@UAEHH@Z
?Delete@Config@@UAEKPADH@Z
?AddManyW@Config@@UAEHPADPAPA_WH@Z
??0Config@@QAE@XZ
??1Config@@QAE@XZ
?Load@Config@@UAEHXZ
?Set@Config@@UAEHPAD0H@Z
?Add@Config@@UAEHPAD0H@Z
?GetPipeSettings@Config@@UAEJPAUpipeSettings@@@Z
?Get@Config@@UAEPADPAD@Z
?GetMany@Config@@UAEPAPADPAD@Z
?Free@Config@@UAEHXZ
?FreeMany@Config@@UAEXPAPAD@Z
?Delete@Config@@UAEKPBD0H@Z
?Exists@Config@@UAEHPAD@Z
?ReLoad@Config@@UAEHXZ
?Load@Config@@UAEHPA_W0@Z
?SetDword@Config@@UAEHPADKH@Z
?SetW@Config@@UAEHPADPA_WH@Z
?AddDword@Config@@UAEHPADKH@Z
?GetW@Config@@UAEPA_WPAD@Z
dxm
??4XML@@QAEAAV0@ABV0@@Z
??0XML@@QAE@ABV0@@Z
psapi
GetProcessMemoryInfo
dbghelp
MiniDumpWriteDump
secur32
GetUserNameExW
kernel32
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetFileSizeEx
GetFileTime
GetTempFileNameW
GetTempPathW
SearchPathW
GetProfileIntW
VirtualProtect
FindResourceExW
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCPInfo
HeapReAlloc
HeapAlloc
WritePrivateProfileStringW
VirtualQuery
ExitThread
CreateThread
RtlUnwind
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
GetPrivateProfileIntW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalGetAtomNameW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
GetThreadLocale
GetFileSize
lstrlenA
GetModuleHandleA
SetErrorMode
SuspendThread
ResumeThread
SetThreadPriority
FindFirstFileW
FileTimeToLocalFileTime
FindNextFileW
FindClose
FreeResource
GlobalAddAtomW
GlobalFindAtomW
InterlockedCompareExchange
GetProcessHeap
GetFileAttributesW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalUnlock
lstrlenW
MulDiv
GlobalLock
GlobalAlloc
GetTimeFormatW
GetNumberFormatW
GetLocaleInfoW
ReadFile
SetNamedPipeHandleState
GetOverlappedResult
WriteFile
ResetEvent
GetVersion
WideCharToMultiByte
GetSystemTimes
GetSystemInfo
GlobalMemoryStatusEx
OpenProcess
GetProcessTimes
ReleaseSemaphore
CreateSemaphoreW
LocalFree
FormatMessageW
GetSystemTime
FileTimeToSystemTime
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
SetCurrentDirectoryW
MultiByteToWideChar
ExitProcess
SetProcessWorkingSetSize
ReleaseMutex
CreateMutexW
GetProcAddress
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetVersionExW
lstrcpyW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
RaiseException
CreateFileW
GetModuleFileNameW
OutputDebugStringW
GetCurrentProcess
CreateProcessW
InterlockedExchange
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetLocalTime
GetTickCount
FreeLibrary
LoadLibraryW
WaitForMultipleObjects
InterlockedDecrement
DeleteFileW
WaitForSingleObject
SetEvent
GetLastError
CreateEventW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemTimeAsFileTime
InterlockedIncrement
VirtualAlloc
user32
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
SetCursorPos
EnableScrollBar
GetMenuDefaultItem
IsCharLowerW
MapVirtualKeyExW
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffW
CopyIcon
SubtractRect
GetIconInfo
GetDoubleClickTime
CreateMenu
GetWindowRgn
DestroyCursor
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
GetMenuItemInfoW
InflateRect
UnpackDDElParam
ReuseDDElParam
ReleaseCapture
LoadAcceleratorsW
InvalidateRect
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
ShowOwnedPopups
MessageBeep
IsZoomed
PostQuitMessage
CharNextW
SetWindowContextHelpId
MapDialogRect
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
UnregisterClassW
ValidateRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
DestroyWindow
EmptyClipboard
UnionRect
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
ScreenToClient
EqualRect
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemCount
RemoveMenu
DefWindowProcW
SetCursor
DrawTextW
PtInRect
GetWindowDC
CopyRect
GetSysColorBrush
SetRectEmpty
SetRect
CheckMenuItem
EnableMenuItem
RedrawWindow
SetParent
EnumChildWindows
GetClassNameW
GetMenuItemID
DestroyMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
SetMenuItemBitmaps
SetMenuDefaultItem
GetSubMenu
LoadMenuW
IsWindow
DestroyIcon
LoadImageW
EndDeferWindowPos
BeginDeferWindowPos
BringWindowToTop
LoadStringW
GetWindow
GetWindowThreadProcessId
FindWindowW
CloseClipboard
SetClipboardData
MessageBoxW
SetWindowRgn
GetAsyncKeyState
DispatchMessageW
TranslateMessage
GetMessageW
DrawIcon
IsIconic
CloseWindow
wsprintfW
RegisterClassExW
LoadIconW
LoadCursorW
GetClientRect
ReleaseDC
UpdateLayeredWindow
GetDC
DeferWindowPos
SetActiveWindow
GetWindowRect
SetWindowLongW
GetWindowLongW
GetSystemMetrics
SystemParametersInfoW
RegisterWindowMessageW
SendMessageW
KillTimer
GetParent
PostMessageW
EnableWindow
SetTimer
GetMessageTime
GetKeyNameTextW
CopyImage
OpenClipboard
DrawStateW
RegisterClipboardFormatW
LockWindowUpdate
IsMenu
GetSystemMenu
SetClassLongW
NotifyWinEvent
CreateAcceleratorTableW
DestroyAcceleratorTable
CharUpperW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
PostThreadMessageW
DeleteMenu
WaitMessage
WindowFromPoint
GetNextDlgGroupItem
UnhookWindowsHookEx
AdjustWindowRectEx
gdi32
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
GetBkColor
GetTextColor
GetTextExtentPoint32W
CreateRectRgnIndirect
GetMapMode
PatBlt
DPtoLP
GetRgnBox
GetTextMetricsW
OffsetRgn
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
RealizePalette
SetPixel
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
CreatePalette
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
SetRectRgn
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CopyMetaFileW
GetDeviceCaps
GetPixel
BitBlt
GetDIBits
CombineRgn
CreateRectRgn
CreateFontIndirectW
GetRegionData
ExtCreateRegion
CreateDIBSection
GetObjectW
SetDIBColorTable
DeleteObject
GetDIBColorTable
StretchBlt
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateHatchBrush
CreateCompatibleDC
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
GetUserNameW
shell32
SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteW
DragQueryFileW
DragFinish
SHGetFolderPathA
SHAppBarMessage
Shell_NotifyIconW
SHPathPrepareForWriteW
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize
shlwapi
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
oledlg
OleUIBusyW
ole32
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoDisconnectObject
OleGetClipboard
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
IsAccelerator
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterMessageFilter
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleTranslateAccelerator
CreateStreamOnHGlobal
CoTaskMemFree
OleDestroyMenuDescriptor
CoGetClassObject
OleCreateMenuDescriptor
oleaut32
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayPutElement
SysStringLen
SysStringByteLen
VariantChangeType
VariantCopy
DispCallFunc
LoadRegTypeLi
OleCreateFontIndirect
SafeArrayGetElemsize
SafeArrayAccessData
LoadTypeLi
SysFreeString
SysAllocString
VariantClear
VariantInit
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
Exports
Exports
??0Config@@QAE@ABV0@@Z
??4Config@@QAEAAV0@ABV0@@Z
??_7Config@@6B@
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 380KB - Virtual size: 379KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 229KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2.0.17/uninstall.exe.exe windows:5 windows x86 arch:x86
bf95d1fc1d10de18b32654b123ad5e1f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4a:62:f6:8e:81:14:14:90:bd:2d:9b:4d:3d:85:bd:86:3f:26:2c:91Signer
Actual PE Digest4a:62:f6:8e:81:14:14:90:bd:2d:9b:4d:3d:85:bd:86:3f:26:2c:91Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW
user32
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 452KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 596KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
2.0.17/updater.exe.exe windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before20/07/2010, 00:00Not After18/08/2011, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
eb:6c:94:85:27:18:1f:b5:0f:04:12:11:92:31:97:b7:42:8c:cd:42Signer
Actual PE Digesteb:6c:94:85:27:18:1f:b5:0f:04:12:11:92:31:97:b7:42:8c:cd:42Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 44KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tetra/BDUpdateServiceCom.dll.dll regsvr32 windows:4 windows x86 arch:x86
68454f50735500c10fc7492fee12c9c5
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before05/08/2009, 00:00Not After18/08/2010, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
27:a1:2b:2f:ec:b5:fc:99:43:92:02:15:83:ef:28:a4:4b:07:aa:90Signer
Actual PE Digest27:a1:2b:2f:ec:b5:fc:99:43:92:02:15:83:ef:28:a4:4b:07:aa:90Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\Work\OEMSdk-Kit\redist\Win32\BDUpdateServiceCom.pdb
Imports
kernel32
GetFileSize
CreateFileW
CreateMutexA
WriteFile
GetVersionExA
FindClose
FindFirstFileW
GetProcAddress
LoadLibraryA
DeviceIoControl
GetVersion
CreateFileA
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetFilePointer
ReadFile
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
WideCharToMultiByte
HeapFree
GetProcessHeap
SetConsoleMode
ReadConsoleInputA
DuplicateHandle
OutputDebugStringA
GetThreadLocale
SetThreadLocale
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetModuleFileNameW
FreeLibrary
CloseHandle
CreateMutexW
WaitForSingleObject
ReleaseMutex
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentThreadId
lstrlenW
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameW
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
Sleep
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
SetLastError
InterlockedExchange
GetACP
GetLocaleInfoA
HeapAlloc
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetCommandLineA
DeleteFileW
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateDirectoryW
MoveFileW
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
user32
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
UnregisterClassA
CharNextW
advapi32
ReportEventA
DeregisterEventSource
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegisterEventSourceA
ole32
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
oleaut32
UnRegisterTypeLi
SysFreeString
VariantInit
VariantClear
SysAllocString
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
BSTR_UserUnmarshal
RegisterTypeLi
BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
rpcrt4
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
Exports
Exports
BDUpdSdkCreate
BDUpdSdkDestroy
BDUpdSdkPerformInstall
BDUpdSdkPerformUpdate
BDUpdSdkResetAllSettings
BDUpdSdkSetOption
BDUpdSdkStop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 552KB - Virtual size: 551KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 4KB - Virtual size: 267B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 400KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tetra/avxdisk.dll.dll windows:4 windows x86 arch:x86
27cf9cfbea40d9de75b282a2af83716a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\work\bd7\plugins\tools\sdragan\avxdisk\release\avxdisk.pdb
Imports
kernel32
CreateFileA
DeviceIoControl
CloseHandle
SetFilePointerEx
WriteFile
ReadFile
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
Exports
Exports
getgeometry
readsector
writesector
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tetra/bdardrv.dll.dll windows:4 windows x86 arch:x86
2cb533e4fcab0a4f2b745893c4745713
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before05/08/2009, 00:00Not After18/08/2010, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b5:0a:5a:57:9e:87:a3:bf:da:ae:16:5a:d8:84:96:fc:95:d8:32:49Signer
Actual PE Digestb5:0a:5a:57:9e:87:a3:bf:da:ae:16:5a:d8:84:96:fc:95:d8:32:49Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\Desktop11\trunk\bin\Win32\Release\bdardrv.pdb
Imports
kernel32
SuspendThread
GetLastError
MoveFileW
FlushFileBuffers
CreateFileW
Sleep
WaitForSingleObject
GetVersion
CreateFileA
GetModuleFileNameA
CloseHandle
ResumeThread
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSection
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
user32
wsprintfW
advapi32
ControlService
OpenServiceW
StartServiceW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
Exports
Exports
rkAPI_AddFileScanPath
rkAPI_CloseFindHandle
rkAPI_GetFileScanStatus
rkAPI_GetHandleToHiddenFileList
rkAPI_GetHandleToHiddenProcessList
rkAPI_GetNextHiddenFile
rkAPI_GetNextHiddenProcess
rkAPI_GetProcessScanStatus
rkAPI_GetStatistics
rkAPI_InitAPI
rkAPI_InitScanEngines
rkAPI_IsScanFinished
rkAPI_PauseScan
rkAPI_RenameFile
rkAPI_SetScanOptions
rkAPI_StartScan
rkAPI_StopScan
rkAPI_UninitAPI
rkAPI_UninitScanEngines
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 860B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tetra/bdcore.dll.dll windows:4 windows x86 arch:x86
2925528018b2621caf76ae37831a0b5b
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before05/08/2009, 00:00Not After18/08/2010, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
47:82:26:10:2d:90:4e:cd:39:e5:08:58:cf:93:f0:45:89:2a:b8:90Signer
Actual PE Digest47:82:26:10:2d:90:4e:cd:39:e5:08:58:cf:93:f0:45:89:2a:b8:90Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetErrorMode
LoadLibraryA
FreeLibrary
GetProcAddress
CloseHandle
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetFileType
CreateFileA
GetLastError
GetModuleFileNameA
GetSystemDirectoryA
GetFileAttributesA
GetTempPathA
WideCharToMultiByte
MultiByteToWideChar
SetLastError
GetFullPathNameA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
SetFileAttributesA
SetEndOfFile
RemoveDirectoryA
MoveFileExA
MoveFileA
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetVersionExA
GetShortPathNameA
GetModuleHandleA
FlushFileBuffers
FindNextFileA
FindFirstFileA
FindClose
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateFileMappingA
CreateDirectoryA
CopyFileA
VirtualAlloc
VirtualFree
VirtualProtect
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapDestroy
HeapCreate
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
RaiseException
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
InterlockedExchange
VirtualQuery
CompareStringA
GetCPInfo
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetLocaleInfoA
GetSystemInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapSize
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
shell32
SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder
Exports
Exports
CoreDeleteInstance
CoreGet
CoreInit
CoreInit2
CoreInit3
CoreInit4
CoreInit5
CoreNewInstance
CoreSet
CoreUninit
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tetra/driverctrl.exe.exe windows:4 windows x86 arch:x86
15685cb2c4d67fb8c6aa49154d050c23
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\repo2\firewall\trunk\bin\Win32\Release\driverctrl.pdb
Imports
kernel32
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
GetProcAddress
GetModuleHandleA
ExitProcess
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
LoadLibraryA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
CreateFileA
GetVersionExA
HeapFree
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetSystemDirectoryW
CopyFileW
GetLastError
FormatMessageW
LocalFree
GetCommandLineA
GetCommandLineW
shell32
CommandLineToArgvW
advapi32
QueryServiceConfigW
ChangeServiceConfigW
ControlService
StartServiceW
OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
CloseServiceHandle
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tetra/profos.dll.dll windows:6 windows x86 arch:x86
4cbab6a583c0ff20ef8cdcdd5100c46f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
k:\profos\20080827\source\dll\objfre_w2k_x86\i386\profos.pdb
Imports
kernel32
HeapAlloc
GetProcessHeap
HeapFree
DisableThreadLibraryCalls
DeviceIoControl
GetProcAddress
GetModuleHandleW
CreateFileW
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ntdll
memset
Exports
Exports
RBGetto
RBMetto
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 406B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tetra/profos.sys.sys windows:6 windows x86 arch:x86
279f29389c5622739088c3a3853ad261
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoCreateSymbolicLink
IoCreateDevice
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
ExFreePoolWithTag
RtlInitUnicodeString
memcpy
memset
ExAllocatePoolWithTag
NtBuildNumber
KeDelayExecutionThread
RtlVolumeDeviceToDosName
ObQueryNameString
KeDetachProcess
MmSystemRangeStart
KeAttachProcess
MmGetSystemRoutineAddress
KeWaitForSingleObject
IoGetCurrentProcess
PsProcessType
IoThreadToProcess
PsThreadType
KeInitializeEvent
KeReleaseSemaphore
ZwClose
ObfDereferenceObject
ObReferenceObjectByHandle
ZwOpenProcess
KeSetEvent
PsTerminateSystemThread
PsCreateSystemThread
KeInitializeSemaphore
KeTickCount
KeBugCheckEx
IofCompleteRequest
IoDeleteDevice
PsLookupProcessByProcessId
IoDeleteSymbolicLink
RtlUnwind
hal
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 768B - Virtual size: 686B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tetra/scan.dll.dll regsvr32 windows:4 windows x86 arch:x86
f6d8b9666645f181fbd8fcc2478a93c0
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before05/08/2009, 00:00Not After18/08/2010, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c3:20:50:2d:1f:5f:2b:c6:8c:38:f4:ed:de:9a:55:76:85:84:da:02Signer
Actual PE Digestc3:20:50:2d:1f:5f:2b:c6:8c:38:f4:ed:de:9a:55:76:85:84:da:02Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\Projects\ThreatScanner\trunk\trunk\bin\Win32\Release\scan.pdb
Imports
shlwapi
PathIsNetworkPathW
wtsapi32
WTSSendMessageW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
MultiByteToWideChar
GetDriveTypeW
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
WideCharToMultiByte
SetUnhandledExceptionFilter
DeleteFileW
GetTempFileNameW
GetTempPathW
GetProcAddress
LoadLibraryW
GetTickCount
CloseHandle
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
WriteFile
CreateFileW
IsBadReadPtr
GetFileAttributesW
CreateThread
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
Sleep
lstrcpyW
CreateEventW
SetEvent
ReadFile
SetFilePointerEx
SetEndOfFile
OutputDebugStringW
OpenProcess
SetFileAttributesW
SetThreadPriority
GetThreadPriority
GetCurrentThread
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
MoveFileExW
GetFileSize
lstrlenA
HeapFree
GetProcessHeap
IsValidCodePage
GetOEMCP
GetCPInfo
LoadLibraryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetConsoleCP
WriteConsoleA
GetConsoleMode
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FreeEnvironmentStringsA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualFree
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
RtlUnwind
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
user32
GetMessageW
DispatchMessageW
MessageBoxW
LoadStringW
CharNextW
TranslateMessage
PostThreadMessageW
UnregisterClassA
advapi32
OpenProcessToken
ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerW
CreateServiceW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RevertToSelf
ole32
CoRegisterClassObject
CoRevokeClassObject
CoImpersonateClient
CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoSuspendClassObjects
CoCreateInstance
CoResumeClassObjects
CoRevertToSelf
StringFromGUID2
oleaut32
LoadTypeLi
SafeArrayGetVartype
SysStringLen
VariantInit
SafeArrayCopy
VariantClear
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
UnRegisterTypeLi
SafeArrayRedim
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
SafeArrayCreate
LoadRegTypeLi
VarUI4FromStr
SafeArrayDestroy
SysFreeString
rpcrt4
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain
ThreatScanner_CreateInstance
ThreatScanner_DeleteException
ThreatScanner_DestroyInstance
ThreatScanner_EnumerateDatabaseRecords
ThreatScanner_GetDatabaseInformation
ThreatScanner_GetLicenseInformation
ThreatScanner_GetOption
ThreatScanner_GetVersion
ThreatScanner_Initialize
ThreatScanner_InitializeMemoryScan
ThreatScanner_ScanBuffer
ThreatScanner_ScanMemory
ThreatScanner_ScanObject
ThreatScanner_ScanObjectByHandle
ThreatScanner_ScanPath
ThreatScanner_ScanStream
ThreatScanner_SetHashCallback
ThreatScanner_SetIntOption
ThreatScanner_SetPasswordCallback
ThreatScanner_SetScanCallback
ThreatScanner_SetScanPriority
ThreatScanner_SetStringOption
ThreatScanner_Uninitialize
ThreatScanner_UninitializeMemoryScan
Sections
.text Size: 188KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tetra/setloadorder.exe.exe windows:4 windows x86 arch:x86
45083a2d38e494503c9eed4bbd1e566e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\repo2\firewall\trunk\bin\Win32\Release\setloadorder.pdb
Imports
kernel32
GetCommandLineW
GetLastError
HeapReAlloc
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
advapi32
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
shell32
CommandLineToArgvW
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tetra/trufos.dll.dll windows:6 windows x86 arch:x86
725c6463726fafbce61db84da486621b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
k:\trufos\20081020\source\dll\objfre_w2k_x86\i386\trufos.pdb
Imports
kernel32
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindClose
FindNextFileW
FindFirstFileW
GetLastError
CloseHandle
GetCurrentProcess
GetFileAttributesW
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
CreateFileW
DeviceIoControl
DisableThreadLibraryCalls
ntdll
memmove
ZwQueryDirectoryFile
ZwClose
RtlNtStatusToDosError
ZwOpenFile
_wcsicmp
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
memset
memcpy
towupper
advapi32
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
Exports
Exports
RBCStrMatchA
RBCStrMatchW
RBCalcAvgA
RBCalcAvgW
RBCalcDev
RBCalcMaxA
RBCalcMaxW
RBCalcMed
RBCalcMin
RBCalcSum
RBCompMed
RBCompMin
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 596B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tetra/trufos.sys.sys windows:6 windows x86 arch:x86
3640472bfb19dfa42e4c8a843de4343b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeWaitForSingleObject
KeInitializeEvent
ObfDereferenceObject
IoGetRelatedDeviceObject
ZwClose
ObReferenceObjectByHandle
ZwCreateFile
IoSetThreadHardErrorMode
RtlInitUnicodeString
memset
memcpy
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ExQueueWorkItem
ExAllocatePool
IoRegisterFsRegistrationChange
PsSetLoadImageNotifyRoutine
ExInitializeNPagedLookasideList
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoAllocateDriverObjectExtension
ExFreePoolWithTag
ObQueryNameString
RtlCompareUnicodeString
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList
IofCallDriver
IoAttachDeviceToDeviceStack
_wcsnicmp
RtlEqualUnicodeString
ObfReferenceObject
IoFileObjectType
ZwOpenFile
IoAttachDevice
IoDetachDevice
ProbeForWrite
ProbeForRead
RtlAppendUnicodeStringToString
MmIsAddressValid
strcmp
ZwQuerySystemInformation
RtlRandom
KeQuerySystemTime
RtlAnsiStringToUnicodeString
RtlInitAnsiString
PsTerminateSystemThread
PsCreateSystemThread
MmGetSystemRoutineAddress
ZwDeleteKey
ZwOpenKey
ZwEnumerateKey
ZwDeleteValueKey
ZwEnumerateValueKey
ZwSetValueKey
ZwCreateKey
KeTickCount
KeBugCheckEx
IoGetDriverObjectExtension
KeSetEvent
RtlUnwind
DbgPrint
RtlAnsiCharToUnicodeChar
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 768B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
update/bdcore.dll.dll windows:4 windows x86 arch:x86
2925528018b2621caf76ae37831a0b5b
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before05/08/2009, 00:00Not After18/08/2010, 23:59SubjectCN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
47:82:26:10:2d:90:4e:cd:39:e5:08:58:cf:93:f0:45:89:2a:b8:90Signer
Actual PE Digest47:82:26:10:2d:90:4e:cd:39:e5:08:58:cf:93:f0:45:89:2a:b8:90Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetErrorMode
LoadLibraryA
FreeLibrary
GetProcAddress
CloseHandle
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetFileType
CreateFileA
GetLastError
GetModuleFileNameA
GetSystemDirectoryA
GetFileAttributesA
GetTempPathA
WideCharToMultiByte
MultiByteToWideChar
SetLastError
GetFullPathNameA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
SetFileAttributesA
SetEndOfFile
RemoveDirectoryA
MoveFileExA
MoveFileA
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetVersionExA
GetShortPathNameA
GetModuleHandleA
FlushFileBuffers
FindNextFileA
FindFirstFileA
FindClose
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateFileMappingA
CreateDirectoryA
CopyFileA
VirtualAlloc
VirtualFree
VirtualProtect
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapDestroy
HeapCreate
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
RaiseException
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
InterlockedExchange
VirtualQuery
CompareStringA
GetCPInfo
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetLocaleInfoA
GetSystemInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapSize
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
shell32
SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder
Exports
Exports
CoreDeleteInstance
CoreGet
CoreInit
CoreInit2
CoreInit3
CoreInit4
CoreInit5
CoreNewInstance
CoreSet
CoreUninit
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ