russia[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

russia.zip
Size

162.8MB
MD5

93c66a885fb770cc5a97be4b5bcfc56e
SHA1

25c1f6be2de58825e2e98f6cebe3fe12b74e4b69
SHA256

209a8fac9697bb313d4eb4a081927a79e7f4e20f0782cf48b74cd372b00c511c
SHA512

6a89a5099beaf0edecd1a35e178fda12170fe0dfeb93ce540a2d6f215cc34ceeabd988598ac234a88f29f815591b796d6e9988629d89c8e06fe89e2a14a31151
SSDEEP

3145728:zIwOA3nCN8UhJRFpWhrKDBcnB5uCttaPBU0j6K//Cady4dTjvI1dlOzhx:zInA3hUhJRqlK+RtgPBdbzzjQ1dlOzhx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/patch-1781627.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Adobe Photoshop 2024 2591626 RePack MacOS.exe
unpack002/$PLUGINSDIR/$0
unpack003/$PLUGINSDIR/$0
unpack001/install.exe
unpack001/install2.exe

Files

russia.zip
.zip
Adobe Photoshop 2024 2591626 RePack MacOS.exe
.exe windows:6 windows x86 arch:x86

40ab50289f7ef5fae60801f88d4541fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
QueryPerformanceFrequency
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVolumeInformationW
GetVersion
GetDriveTypeW
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
EqualSid
RegQueryValueExW
GetTokenInformation
ConvertSidToStringSidW
RegCloseKey

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Adobe_Photoshop_2021_223049_x64_dHtji.exe
.exe windows:5 windows x86 arch:x86

d65e30146b16dbd7905cef42c0dae1eb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/10/2022, 13:16

Not After

21/10/2023, 13:16

Subject

CN=NBZ OOO,O=NBZ OOO,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/10/2022, 13:16

Not After

21/10/2023, 13:16

Subject

CN=NBZ OOO,O=NBZ OOO,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:f2:29:a2:b5:27:b4:0d:fc:e0:c2:a9:de:fb:18:28:62:03:83:0b:9d:c1:9a:74:66:fc:0a:03:2a:35:c3:e5
Signer

Actual PE Digest

f1:f2:29:a2:b5:27:b4:0d:fc:e0:c2:a9:de:fb:18:28:62:03:83:0b:9d:c1:9a:74:66:fc:0a:03:2a:35:c3:e5

Digest Algorithm

sha256

PE Digest Matches

true

7f:74:d1:e8:59:3f:9a:69:85:0d:d3:40:87:b7:1b:45:17:b4:60:5e
Signer

Actual PE Digest

7f:74:d1:e8:59:3f:9a:69:85:0d:d3:40:87:b7:1b:45:17:b4:60:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

crypt32

CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
getaddrinfo
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
htonl
WSAEventSelect
WSAResetEvent
listen
ioctlsocket
freeaddrinfo
WSAWaitForMultipleEvents

normaliz

IdnToAscii

kernel32

GetModuleHandleW
GetProcAddress
FormatMessageW
HeapFree
GetProcessHeap
GetTickCount64
DeleteFileW
CreateFileW
GetFileSizeEx
SetFilePointer
SetEndOfFile
CloseHandle
WriteFile
CreateThread
WaitForSingleObject
WaitForMultipleObjects
MoveFileExW
GetExitCodeProcess
CreateEventW
SetEvent
ReadFile
HeapAlloc
LoadLibraryW
FreeLibrary
CreateDirectoryW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetLocalTime
GetCommandLineW
GetSystemTimeAsFileTime
IsWow64Process
GetCurrentProcess
GetDiskFreeSpaceExW
SizeofResource
GlobalLock
GlobalFree
GlobalUnlock
GetTickCount
CreateMutexW
ReleaseMutex
AllocConsole
GetStdHandle
LocalFree
GlobalMemoryStatusEx
GetSystemInfo
LocalAlloc
GetNativeSystemInfo
GetLocaleInfoA
GetVolumeInformationW
SetLastError
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
WaitForSingleObjectEx
GetEnvironmentVariableA
MoveFileExA
CreateFileA
LockResource
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
LoadResource
FindResourceW
VerifyVersionInfoW
VerSetConditionMask
Sleep
GetLastError
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
ReadConsoleW
GetConsoleOutputCP
HeapReAlloc
HeapSize
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetFileAttributesExW
FreeResource
GetCurrentDirectoryW
GetFullPathNameW
FlushFileBuffers
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetConsoleMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GlobalAlloc
VirtualQuery

user32

LockWindowUpdate
GetSysColorBrush
SetCursorPos
GetCursorPos
ReleaseCapture
SetCapture
GetFocus
GetSystemMetrics
EndPaint
FrameRect
BeginPaint
GetDlgCtrlID
IsWindowEnabled
GetDC
ReleaseDC
ShowScrollBar
SetScrollInfo
SetScrollPos
DrawIconEx
MapDialogRect
CharLowerA
MonitorFromPoint
SetFocus
DrawTextW
FillRect
KillTimer
GetWindowTextW
GetWindowTextLengthW
TrackMouseEvent
GetSysColor
MoveWindow
ClientToScreen
SetForegroundWindow
UpdateWindow
ShowWindow
GetDlgItem
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
SendMessageW
RedrawWindow
SetWindowPos
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostMessageW
EnableWindow
SetWindowTextW
DefWindowProcW
GetWindowLongW
DestroyWindow
UnregisterClassW
SetWindowLongW
CreateWindowExW
GetDesktopWindow
RegisterClassExW
GetParent
MapWindowPoints
GetWindowRect
SetTimer
ShowCursor
SetCursor
DestroyCursor
LoadCursorW
CharUpperW
MessageBoxW
SetClassLongW
PostQuitMessage
LoadIconW
DestroyIcon
FlashWindow
GetClientRect
EnumChildWindows

gdi32

CreateFontIndirectW
GetBkColor
DeleteObject
GetStockObject
SetBkColor
SetDCBrushColor
GetDeviceCaps
CreateSolidBrush
AddFontMemResourceEx
SetDIBits
BitBlt
StretchBlt
SetStretchBltMode
CreatePen
GetTextColor
SelectObject
SetBkMode
CreateCompatibleBitmap
SetTextColor
GetDIBits
GetBkMode
DeleteDC
CreateCompatibleDC

advapi32

CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptAcquireContextA
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW

shell32

ShellExecuteExW
SHGetFolderPathW
ord171
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetMalloc

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateGuid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW

comctl32

ord410
ord412
InitCommonControlsEx
ord413

gdiplus

GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipAlloc
GdipFree

winmm

timeKillEvent
timeSetEvent

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

msimg32

GradientFill

Sections

.text
Size: 627KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Adobe_Photoshop_CC_2024_Rus_dHthR.exe
.exe windows:5 windows x86 arch:x86

d65e30146b16dbd7905cef42c0dae1eb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/10/2022, 13:16

Not After

21/10/2023, 13:16

Subject

CN=NBZ OOO,O=NBZ OOO,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/10/2022, 13:16

Not After

21/10/2023, 13:16

Subject

CN=NBZ OOO,O=NBZ OOO,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:51:c6:90:e0:22:82:72:9d:da:c1:47:30:cc:1b:0f:14:31:60:76:56:90:04:80:80:40:8b:07:bb:2a:00:9a
Signer

Actual PE Digest

a0:51:c6:90:e0:22:82:72:9d:da:c1:47:30:cc:1b:0f:14:31:60:76:56:90:04:80:80:40:8b:07:bb:2a:00:9a

Digest Algorithm

sha256

PE Digest Matches

true

a5:ea:8b:e7:4c:dd:84:d4:b9:08:e4:30:56:c0:c0:99:00:ce:49:f6
Signer

Actual PE Digest

a5:ea:8b:e7:4c:dd:84:d4:b9:08:e4:30:56:c0:c0:99:00:ce:49:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

crypt32

CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
getaddrinfo
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
htonl
WSAEventSelect
WSAResetEvent
listen
ioctlsocket
freeaddrinfo
WSAWaitForMultipleEvents

normaliz

IdnToAscii

kernel32

GetModuleHandleW
GetProcAddress
FormatMessageW
HeapFree
GetProcessHeap
GetTickCount64
DeleteFileW
CreateFileW
GetFileSizeEx
SetFilePointer
SetEndOfFile
CloseHandle
WriteFile
CreateThread
WaitForSingleObject
WaitForMultipleObjects
MoveFileExW
GetExitCodeProcess
CreateEventW
SetEvent
ReadFile
HeapAlloc
LoadLibraryW
FreeLibrary
CreateDirectoryW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetLocalTime
GetCommandLineW
GetSystemTimeAsFileTime
IsWow64Process
GetCurrentProcess
GetDiskFreeSpaceExW
SizeofResource
GlobalLock
GlobalFree
GlobalUnlock
GetTickCount
CreateMutexW
ReleaseMutex
AllocConsole
GetStdHandle
LocalFree
GlobalMemoryStatusEx
GetSystemInfo
LocalAlloc
GetNativeSystemInfo
GetLocaleInfoA
GetVolumeInformationW
SetLastError
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
WaitForSingleObjectEx
GetEnvironmentVariableA
MoveFileExA
CreateFileA
LockResource
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
LoadResource
FindResourceW
VerifyVersionInfoW
VerSetConditionMask
Sleep
GetLastError
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
ReadConsoleW
GetConsoleOutputCP
HeapReAlloc
HeapSize
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetFileAttributesExW
FreeResource
GetCurrentDirectoryW
GetFullPathNameW
FlushFileBuffers
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetConsoleMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GlobalAlloc
VirtualQuery

user32

LockWindowUpdate
GetSysColorBrush
SetCursorPos
GetCursorPos
ReleaseCapture
SetCapture
GetFocus
GetSystemMetrics
EndPaint
FrameRect
BeginPaint
GetDlgCtrlID
IsWindowEnabled
GetDC
ReleaseDC
ShowScrollBar
SetScrollInfo
SetScrollPos
DrawIconEx
MapDialogRect
CharLowerA
MonitorFromPoint
SetFocus
DrawTextW
FillRect
KillTimer
GetWindowTextW
GetWindowTextLengthW
TrackMouseEvent
GetSysColor
MoveWindow
ClientToScreen
SetForegroundWindow
UpdateWindow
ShowWindow
GetDlgItem
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
SendMessageW
RedrawWindow
SetWindowPos
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostMessageW
EnableWindow
SetWindowTextW
DefWindowProcW
GetWindowLongW
DestroyWindow
UnregisterClassW
SetWindowLongW
CreateWindowExW
GetDesktopWindow
RegisterClassExW
GetParent
MapWindowPoints
GetWindowRect
SetTimer
ShowCursor
SetCursor
DestroyCursor
LoadCursorW
CharUpperW
MessageBoxW
SetClassLongW
PostQuitMessage
LoadIconW
DestroyIcon
FlashWindow
GetClientRect
EnumChildWindows

gdi32

CreateFontIndirectW
GetBkColor
DeleteObject
GetStockObject
SetBkColor
SetDCBrushColor
GetDeviceCaps
CreateSolidBrush
AddFontMemResourceEx
SetDIBits
BitBlt
StretchBlt
SetStretchBltMode
CreatePen
GetTextColor
SelectObject
SetBkMode
CreateCompatibleBitmap
SetTextColor
GetDIBits
GetBkMode
DeleteDC
CreateCompatibleDC

advapi32

CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptAcquireContextA
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW

shell32

ShellExecuteExW
SHGetFolderPathW
ord171
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetMalloc

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateGuid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW

comctl32

ord410
ord412
InitCommonControlsEx
ord413

gdiplus

GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipAlloc
GdipFree

winmm

timeKillEvent
timeSetEvent

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

msimg32

GradientFill

Sections

.text
Size: 627KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppWizardSetup_1.104.23.exe
.exe windows:4 windows x86 arch:x86

7eae418c7423834ffc3d79b4300bd6fb

Code Sign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:13:67:08:e3:4d:41:c4:94:c2:c1:d1
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/10/2023, 13:04

Not After

02/10/2026, 13:04

Subject

CN=RA DELTA LLC,O=RA DELTA LLC,L=Sergiyev Posad,ST=Moscow Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c1:35:37:da:e3:7a:07:08:04:c2:91:d0:6b:fa:1c:07:a2:da:fd:a3
Signer

Actual PE Digest

c1:35:37:da:e3:7a:07:08:04:c2:91:d0:6b:fa:1c:07:a2:da:fd:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
MoveFileW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
lstrcmpW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MulDiv
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
FreeLibrary
GetPrivateProfileStringW
GetModuleHandleW
LoadLibraryExW

user32

GetWindowRect
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
ScreenToClient
EnableMenuItem
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
SystemParametersInfoW
EndDialog
RegisterClassW
DialogBoxParamW
CreateWindowExW
GetClassInfoW
DestroyWindow
CharNextW
ExitWindowsEx
SetWindowTextW
LoadImageW
SetTimer
ShowWindow
PostQuitMessage
wsprintfW
SetWindowLongW
FindWindowExW
IsWindow
CreatePopupMenu
AppendMenuW
GetSystemMetrics
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHFileOperationW
SHBrowseForFolderW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$0
.exe windows:6 windows x86 arch:x86

eb5bc6ff6263b364dfbfb78bdb48ed59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AppWizardSetup_1.64.23.exe
.exe windows:4 windows x86 arch:x86

7eae418c7423834ffc3d79b4300bd6fb

Code Sign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:13:67:08:e3:4d:41:c4:94:c2:c1:d1
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/10/2023, 13:04

Not After

02/10/2026, 13:04

Subject

CN=RA DELTA LLC,O=RA DELTA LLC,L=Sergiyev Posad,ST=Moscow Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:2c:89:4b:c6:36:68:93:22:b0:7e:5f:86:7b:a7:b8:0a:10:3c:8d
Signer

Actual PE Digest

dd:2c:89:4b:c6:36:68:93:22:b0:7e:5f:86:7b:a7:b8:0a:10:3c:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
MoveFileW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
lstrcmpW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MulDiv
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
FreeLibrary
GetPrivateProfileStringW
GetModuleHandleW
LoadLibraryExW

user32

GetWindowRect
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
ScreenToClient
EnableMenuItem
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
SystemParametersInfoW
EndDialog
RegisterClassW
DialogBoxParamW
CreateWindowExW
GetClassInfoW
DestroyWindow
CharNextW
ExitWindowsEx
SetWindowTextW
LoadImageW
SetTimer
ShowWindow
PostQuitMessage
wsprintfW
SetWindowLongW
FindWindowExW
IsWindow
CreatePopupMenu
AppendMenuW
GetSystemMetrics
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHFileOperationW
SHBrowseForFolderW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$0
.exe windows:6 windows x86 arch:x86

eb5bc6ff6263b364dfbfb78bdb48ed59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DS-Setup[vWTVZr6Y3].exe
.exe windows:5 windows x86 arch:x86

c8d5713e748ddf15d7fa0d940d367580

Code Sign

da:7f:eb:58:df:c0:bf:b8:71:dc:62:ee:74:07:e2
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

28/08/2022, 16:32

Not After

15/08/2025, 15:42

Subject

SERIALNUMBER=39638734,CN=GRAND MEDYA\, TOV,O=GRAND MEDYA\, TOV,L=Odesa,C=UA,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0
Certificate

Issuer

CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

07/03/2019, 19:37

Not After

03/03/2034, 19:37

Subject

CN=SSL.com EV Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:29:9c:5b:16:ed:05:95
Certificate

Issuer

CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

12/02/2016, 18:15

Not After

12/02/2041, 18:15

Subject

CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:45:1c:6c:30:d5:b6:a3:fa:5d:24:f5:2b:17:ae:82:df:26:88:53
Signer

Actual PE Digest

f8:45:1c:6c:30:d5:b6:a3:fa:5d:24:f5:2b:17:ae:82:df:26:88:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
IIDFromString
CoCreateInstance

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

wsprintfA
SystemParametersInfoW
LoadCursorW
SetClassLongW
GetWindowLongW
GetSysColor
ScreenToClient
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamW
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
DispatchMessageW
GetMessagePos
CharNextW
ExitWindowsEx
SetDlgItemTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
PeekMessageW
GetDlgItemTextW
CharNextA
CharPrevW
MessageBoxIndirectW
CallWindowProcW
SetWindowTextW

gdi32

GetDeviceCaps
SetBkColor
SetBkMode
SetTextColor
CreateBrushIndirect
CreateFontIndirectW
DeleteObject
SelectObject

kernel32

lstrcmpiA
lstrcpyA
lstrcatW
GetModuleHandleA
GetSystemDirectoryW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetLastError
WriteFile
RemoveDirectoryW
GetTempFileNameW
CreateDirectoryW
WideCharToMultiByte
lstrlenW
lstrcpynW
GlobalLock
GlobalUnlock
CreateThread
GetDiskFreeSpaceW
CopyFileW
GetVersionExW
GetWindowsDirectoryW
MoveFileExW
GetCurrentProcess
SetErrorMode
GetTempPathW
SetEnvironmentVariableW
GetCommandLineW
GetModuleFileNameW
GetTickCount
GetFileSize
CreateFileW
MultiByteToWideChar
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
lstrcmpiW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
Sleep
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
IsProcessorFeaturePresent
ExpandEnvironmentStringsW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ExitProcess

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoMasterPS4.exe
.exe windows:5 windows x86 arch:x86

48aa5c8931746a9655524f67b25a47ef

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:18:ae:60:67:ba:02:22:30:ff:60:d0
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/04/2024, 13:25

Not After

01/07/2027, 11:17

Subject

CN=AMS SOFTWARE LLC,O=AMS SOFTWARE LLC,L=Yaroslavl,ST=Yaroslavl Oblast,C=RU,1.2.840.113549.1.9.1=#0c0e687240616d732d736f66742e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:18:ae:60:67:ba:02:22:30:ff:60:d0
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/04/2024, 13:25

Not After

01/07/2027, 11:17

Subject

CN=AMS SOFTWARE LLC,O=AMS SOFTWARE LLC,L=Yaroslavl,ST=Yaroslavl Oblast,C=RU,1.2.840.113549.1.9.1=#0c0e687240616d732d736f66742e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:8b:75:e1:4e:ca:8f:8d:72:cb:5c:63:53:f6:22:b9:1d:10:78:fd:a3:38:6f:c8:14:9f:23:4d:7b:20:4e:31
Signer

Actual PE Digest

74:8b:75:e1:4e:ca:8f:8d:72:cb:5c:63:53:f6:22:b9:1d:10:78:fd:a3:38:6f:c8:14:9f:23:4d:7b:20:4e:31

Digest Algorithm

sha256

PE Digest Matches

true

85:c1:8f:cb:f8:15:65:e4:13:6d:17:d4:07:11:5e:3c:b4:ca:a8:23
Signer

Actual PE Digest

85:c1:8f:cb:f8:15:65:e4:13:6d:17:d4:07:11:5e:3c:b4:ca:a8:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TelamonCleaner_id66c78d5d79d6dig.exe
.exe windows:6 windows x86 arch:x86

e569e6f445d32ba23766ad67d1e3787f

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:e3:19:06:28:b5:61:96:ff:a3:61:a6
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

21/02/2024, 09:02

Not After

21/02/2025, 09:02

Subject

SERIALNUMBER=220340024072,CN=YARD STAR\, TOO,O=YARD STAR\, TOO,STREET=Dom 79\, kv. 147\, ulitsa Sadovaya,L=Kostanay,ST=Kostanay,C=KZ,1.2.840.113549.1.9.1=#0c1461646d696e4079617264737461726b7a2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024b5a,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:14:64:38:ba:b2:aa:64:a1:4d:e0:f1:e5:b6:3e:bd:3e:7a:c4:38
Signer

Actual PE Digest

76:14:64:38:ba:b2:aa:64:a1:4d:e0:f1:e5:b6:3e:bd:3e:7a:c4:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
adobe-photoshop-2024_id4406450ids1s.exe
.exe windows:6 windows x86 arch:x86

ef9a9e856606405623e1b97b65e4bbdd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc
Signer

Actual PE Digest

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc

Digest Algorithm

sha256

PE Digest Matches

true

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f
Signer

Actual PE Digest

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
getnameinfo
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
shutdown

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext

wldap32

ord117
ord41
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219
ord26
ord208
ord216
ord14
ord46
ord145

kernel32

DisconnectNamedPipe
CreateNamedPipeW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetExitCodeProcess
CreateFileW
SetEndOfFile
SetFilePointer
GetTickCount
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSizeEx
RemoveDirectoryW
GetTempPathW
SetErrorMode
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateProcessW
OpenProcess
GetVersionExW
IsWow64Process
GetModuleFileNameW
GetModuleHandleW
LocalFree
FormatMessageW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
GetLastError
GetCurrentThreadId
IsBadWritePtr
GetSystemTime
GetSystemDefaultUILanguage
SetLastError
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
DecodePointer
FreeLibrary
GetProcAddress
LoadLibraryExW
GlobalHandle
GlobalFree
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
VirtualFree
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceCounter
MoveFileExW
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleA
GetConsoleMode
ReadConsoleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CloseHandle
WriteFile
ReadFile
FindResourceW
SizeofResource
LockResource
LoadResource
TerminateThread
CreateThread
SetFileAttributesW
WriteConsoleW
GetTimeZoneInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
FlushFileBuffers
GetUserDefaultLCID
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
LCMapStringEx
GetStringTypeW
GetCPInfo
ConnectNamedPipe
RtlUnwind
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

SetWindowContextHelpId
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
GetCapture
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
GetActiveWindow
MoveWindow
IsChild
IsWindow
GetCursorPos
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
RegisterWindowMessageW
PostThreadMessageW
PeekMessageW
SendMessageW
GetDesktopWindow
MessageBoxW
GetClientRect
ReleaseDC
GetDC
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
SetForegroundWindow
UnregisterClassW
AllowSetForegroundWindow
GetDlgCtrlID
GetWindowThreadProcessId
EnumWindows
CreateDialogIndirectParamW
ClientToScreen
ScreenToClient
MapWindowPoints
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
DispatchMessageW
TranslateMessage
DrawTextW
GetProcessWindowStation
GetUserObjectInformationW
DestroyCursor
OffsetRect
InflateRect
CopyRect
FrameRect
DrawFocusRect
WindowFromPoint
SetCursor
GetClassInfoExW
DrawStateW
GetMessageW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
MapDialogRect
IsDialogMessageW
LoadImageW
LoadCursorW
EndDialog
LoadBitmapW
BeginPaint

gdi32

ExtTextOutW
MoveToEx
SetTextColor
SetBkMode
SetBkColor
LineTo
CreatePen
CreateBitmap
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ChoosePixelFormat
SetPixelFormat

advapi32

CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptSignHashW
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyHash
CryptGetUserKey
CryptDestroyKey
RegQueryInfoKeyW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegEnumKeyExW
RegEnumValueW
StartServiceW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegSetValueExW
CloseServiceHandle
CryptAcquireContextW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
CoTaskMemRealloc
CoUninitialize
OleRun
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
VariantChangeType
VariantInit
LoadRegTypeLi
LoadTypeLi

shlwapi

AssocQueryStringW

comctl32

InitCommonControlsEx

opengl32

wglCreateContext
wglDeleteContext
wglMakeCurrent
glGetString

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adobe-photoshop_dHti3.exe
.exe windows:5 windows x86 arch:x86

d65e30146b16dbd7905cef42c0dae1eb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/10/2022, 13:16

Not After

21/10/2023, 13:16

Subject

CN=NBZ OOO,O=NBZ OOO,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/10/2022, 13:16

Not After

21/10/2023, 13:16

Subject

CN=NBZ OOO,O=NBZ OOO,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:04:0a:97:a0:85:6a:69:f6:14:57:b5:32:3e:24:88:bb:ea:ca:9b:bd:db:bf:1d:57:5d:a7:06:75:12:c7:ae
Signer

Actual PE Digest

4b:04:0a:97:a0:85:6a:69:f6:14:57:b5:32:3e:24:88:bb:ea:ca:9b:bd:db:bf:1d:57:5d:a7:06:75:12:c7:ae

Digest Algorithm

sha256

PE Digest Matches

true

af:64:04:7c:c7:8f:ca:7a:cc:36:94:ce:7b:fa:7c:e1:be:2f:58:b9
Signer

Actual PE Digest

af:64:04:7c:c7:8f:ca:7a:cc:36:94:ce:7b:fa:7c:e1:be:2f:58:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

crypt32

CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
getaddrinfo
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
htonl
WSAEventSelect
WSAResetEvent
listen
ioctlsocket
freeaddrinfo
WSAWaitForMultipleEvents

normaliz

IdnToAscii

kernel32

GetModuleHandleW
GetProcAddress
FormatMessageW
HeapFree
GetProcessHeap
GetTickCount64
DeleteFileW
CreateFileW
GetFileSizeEx
SetFilePointer
SetEndOfFile
CloseHandle
WriteFile
CreateThread
WaitForSingleObject
WaitForMultipleObjects
MoveFileExW
GetExitCodeProcess
CreateEventW
SetEvent
ReadFile
HeapAlloc
LoadLibraryW
FreeLibrary
CreateDirectoryW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetLocalTime
GetCommandLineW
GetSystemTimeAsFileTime
IsWow64Process
GetCurrentProcess
GetDiskFreeSpaceExW
SizeofResource
GlobalLock
GlobalFree
GlobalUnlock
GetTickCount
CreateMutexW
ReleaseMutex
AllocConsole
GetStdHandle
LocalFree
GlobalMemoryStatusEx
GetSystemInfo
LocalAlloc
GetNativeSystemInfo
GetLocaleInfoA
GetVolumeInformationW
SetLastError
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
WaitForSingleObjectEx
GetEnvironmentVariableA
MoveFileExA
CreateFileA
LockResource
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
LoadResource
FindResourceW
VerifyVersionInfoW
VerSetConditionMask
Sleep
GetLastError
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
ReadConsoleW
GetConsoleOutputCP
HeapReAlloc
HeapSize
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetFileAttributesExW
FreeResource
GetCurrentDirectoryW
GetFullPathNameW
FlushFileBuffers
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetConsoleMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GlobalAlloc
VirtualQuery

user32

LockWindowUpdate
GetSysColorBrush
SetCursorPos
GetCursorPos
ReleaseCapture
SetCapture
GetFocus
GetSystemMetrics
EndPaint
FrameRect
BeginPaint
GetDlgCtrlID
IsWindowEnabled
GetDC
ReleaseDC
ShowScrollBar
SetScrollInfo
SetScrollPos
DrawIconEx
MapDialogRect
CharLowerA
MonitorFromPoint
SetFocus
DrawTextW
FillRect
KillTimer
GetWindowTextW
GetWindowTextLengthW
TrackMouseEvent
GetSysColor
MoveWindow
ClientToScreen
SetForegroundWindow
UpdateWindow
ShowWindow
GetDlgItem
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
SendMessageW
RedrawWindow
SetWindowPos
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostMessageW
EnableWindow
SetWindowTextW
DefWindowProcW
GetWindowLongW
DestroyWindow
UnregisterClassW
SetWindowLongW
CreateWindowExW
GetDesktopWindow
RegisterClassExW
GetParent
MapWindowPoints
GetWindowRect
SetTimer
ShowCursor
SetCursor
DestroyCursor
LoadCursorW
CharUpperW
MessageBoxW
SetClassLongW
PostQuitMessage
LoadIconW
DestroyIcon
FlashWindow
GetClientRect
EnumChildWindows

gdi32

CreateFontIndirectW
GetBkColor
DeleteObject
GetStockObject
SetBkColor
SetDCBrushColor
GetDeviceCaps
CreateSolidBrush
AddFontMemResourceEx
SetDIBits
BitBlt
StretchBlt
SetStretchBltMode
CreatePen
GetTextColor
SelectObject
SetBkMode
CreateCompatibleBitmap
SetTextColor
GetDIBits
GetBkMode
DeleteDC
CreateCompatibleDC

advapi32

CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptAcquireContextA
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW

shell32

ShellExecuteExW
SHGetFolderPathW
ord171
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetMalloc

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateGuid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW

comctl32

ord410
ord412
InitCommonControlsEx
ord413

gdiplus

GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipAlloc
GdipFree

winmm

timeKillEvent
timeSetEvent

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

msimg32

GradientFill

Sections

.text
Size: 627KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_setup_id4406655ids1s.exe
.exe windows:6 windows x86 arch:x86

ef9a9e856606405623e1b97b65e4bbdd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc
Signer

Actual PE Digest

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc

Digest Algorithm

sha256

PE Digest Matches

true

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f
Signer

Actual PE Digest

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
getnameinfo
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
shutdown

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext

wldap32

ord117
ord41
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219
ord26
ord208
ord216
ord14
ord46
ord145

kernel32

DisconnectNamedPipe
CreateNamedPipeW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetExitCodeProcess
CreateFileW
SetEndOfFile
SetFilePointer
GetTickCount
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSizeEx
RemoveDirectoryW
GetTempPathW
SetErrorMode
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateProcessW
OpenProcess
GetVersionExW
IsWow64Process
GetModuleFileNameW
GetModuleHandleW
LocalFree
FormatMessageW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
GetLastError
GetCurrentThreadId
IsBadWritePtr
GetSystemTime
GetSystemDefaultUILanguage
SetLastError
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
DecodePointer
FreeLibrary
GetProcAddress
LoadLibraryExW
GlobalHandle
GlobalFree
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
VirtualFree
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceCounter
MoveFileExW
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleA
GetConsoleMode
ReadConsoleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CloseHandle
WriteFile
ReadFile
FindResourceW
SizeofResource
LockResource
LoadResource
TerminateThread
CreateThread
SetFileAttributesW
WriteConsoleW
GetTimeZoneInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
FlushFileBuffers
GetUserDefaultLCID
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
LCMapStringEx
GetStringTypeW
GetCPInfo
ConnectNamedPipe
RtlUnwind
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

SetWindowContextHelpId
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
GetCapture
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
GetActiveWindow
MoveWindow
IsChild
IsWindow
GetCursorPos
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
RegisterWindowMessageW
PostThreadMessageW
PeekMessageW
SendMessageW
GetDesktopWindow
MessageBoxW
GetClientRect
ReleaseDC
GetDC
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
SetForegroundWindow
UnregisterClassW
AllowSetForegroundWindow
GetDlgCtrlID
GetWindowThreadProcessId
EnumWindows
CreateDialogIndirectParamW
ClientToScreen
ScreenToClient
MapWindowPoints
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
DispatchMessageW
TranslateMessage
DrawTextW
GetProcessWindowStation
GetUserObjectInformationW
DestroyCursor
OffsetRect
InflateRect
CopyRect
FrameRect
DrawFocusRect
WindowFromPoint
SetCursor
GetClassInfoExW
DrawStateW
GetMessageW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
MapDialogRect
IsDialogMessageW
LoadImageW
LoadCursorW
EndDialog
LoadBitmapW
BeginPaint

gdi32

ExtTextOutW
MoveToEx
SetTextColor
SetBkMode
SetBkColor
LineTo
CreatePen
CreateBitmap
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ChoosePixelFormat
SetPixelFormat

advapi32

CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptSignHashW
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyHash
CryptGetUserKey
CryptDestroyKey
RegQueryInfoKeyW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegEnumKeyExW
RegEnumValueW
StartServiceW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegSetValueExW
CloseServiceHandle
CryptAcquireContextW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
CoTaskMemRealloc
CoUninitialize
OleRun
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
VariantChangeType
VariantInit
LoadRegTypeLi
LoadTypeLi

shlwapi

AssocQueryStringW

comctl32

InitCommonControlsEx

opengl32

wglCreateContext
wglDeleteContext
wglMakeCurrent
glGetString

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.exe
.exe windows:5 windows x86 arch:x86

9d4745b4b8ed18dda7e4fbf0015900e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\4a73c29f3c4e6ac\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

kernel32

WaitForSingleObject
GetVersionExW
Sleep
GetLastError
CloseHandle
GetCurrentProcessId
CreateProcessW
GetExitCodeProcess
GetModuleFileNameW
CreateFileW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetCurrentProcess
HeapFree
FindClose
DuplicateHandle
MultiByteToWideChar
OutputDebugStringW
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetCommandLineW
SetHandleInformation
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ExitProcess
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
WriteFile
DecodePointer
ReadConsoleW
ReadFile
SetEndOfFile
HeapReAlloc
HeapSize
GetModuleHandleExW
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
WriteConsoleW
SetFilePointerEx
TlsAlloc
LCMapStringW
CompareStringW
GetFileType
GetStringTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RtlUnwind
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

user32

CharLowerW
wsprintfW

advapi32

CopySid
ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
OpenProcessToken
GetTokenInformation

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

WSAGetLastError
htons
htonl
connect
socket
send
WSAStartup
getaddrinfo
shutdown
closesocket
WSACleanup
freeaddrinfo
recv

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install2.exe
.exe windows:5 windows x86 arch:x86

9d4745b4b8ed18dda7e4fbf0015900e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\4a73c29f3c4e6ac\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

kernel32

WaitForSingleObject
GetVersionExW
Sleep
GetLastError
CloseHandle
GetCurrentProcessId
CreateProcessW
GetExitCodeProcess
GetModuleFileNameW
CreateFileW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetCurrentProcess
HeapFree
FindClose
DuplicateHandle
MultiByteToWideChar
OutputDebugStringW
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetCommandLineW
SetHandleInformation
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ExitProcess
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
WriteFile
DecodePointer
ReadConsoleW
ReadFile
SetEndOfFile
HeapReAlloc
HeapSize
GetModuleHandleExW
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
WriteConsoleW
SetFilePointerEx
TlsAlloc
LCMapStringW
CompareStringW
GetFileType
GetStringTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RtlUnwind
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

user32

CharLowerW
wsprintfW

advapi32

CopySid
ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
OpenProcessToken
GetTokenInformation

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

WSAGetLastError
htons
htonl
connect
socket
send
WSAStartup
getaddrinfo
shutdown
closesocket
WSACleanup
freeaddrinfo
recv

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installer.exe
.exe windows:5 windows x86 arch:x86

14c198737dea646ad253084b784990ed

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2022, 09:58

Not After

06/01/2024, 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:b7:29:2d:cb:81:02:6b:1d:bf:94:a3:6d:a0:70:8a:55:13:cc:cc:0b:04:c1:11:b0:b1:d0:f1:c3:11:4a:1f
Signer

Actual PE Digest

dd:b7:29:2d:cb:81:02:6b:1d:bf:94:a3:6d:a0:70:8a:55:13:cc:cc:0b:04:c1:11:b0:b1:d0:f1:c3:11:4a:1f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\750240\out\Release\360Installer.pdb

Imports

kernel32

GetVersionExW
GetVersion
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetLastError
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
DebugBreak
OutputDebugStringW
lstrlenA
LockResource
FreeResource
GetCurrentThreadId
GetCommandLineW
LocalFree
GetSystemDirectoryW
CloseHandle
ReadFile
SetFilePointer
CreateFileW
GetCurrentProcessId
DeviceIoControl
GetUserDefaultUILanguage
GetTempPathW
SetEnvironmentVariableW
Sleep
GetCurrentProcess
FlushInstructionCache
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetFileSizeEx
GetLogicalDriveStringsW
GetDriveTypeW
GetTempFileNameW
DeleteFileW
GetDiskFreeSpaceExW
QueryDosDeviceW
OpenProcess
MulDiv
GetPrivateProfileStringW
GetTickCount
CreateProcessW
LoadLibraryW
GetModuleFileNameA
CreateToolhelp32Snapshot
MoveFileExW
FindClose
GetFullPathNameW
FindFirstFileW
lstrcpyW
FindNextFileW
RemoveDirectoryW
FreeConsole
Process32FirstW
Process32NextW
WideCharToMultiByte
SetEvent
CreateMutexW
CreateEventW
WaitForSingleObject
GetLogicalDrives
WriteFile
LocalAlloc
InterlockedCompareExchange
CreateFileA
GetFileSize
InterlockedExchange
LoadLibraryA
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
TlsGetValue
TlsSetValue
HeapUnlock
OpenThread
HeapLock
HeapWalk
ReleaseMutex
TlsAlloc
TlsFree
lstrcmpA
lstrcmpiA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
ExitProcess
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
HeapReAlloc
HeapSize
HeapCreate
HeapDestroy
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetModuleHandleA
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FindResourceExW

Sections

.text
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 918KB - Virtual size: 917KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
installer__opgx102.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:8b:85:78:e4:21:83:fd:1f:84:cf:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16/06/2023, 06:32

Not After

21/07/2025, 13:59

Subject

SERIALNUMBER=1086168004669,CN=ROSTPAY LLC,O=ROSTPAY LLC,STREET=Dolomanovsky lane\, 70D apt.1(10th floor),L=Rostov-on-Don,ST=Rostov Oblast,C=RU,1.2.840.113549.1.9.1=#0c12737570706f727440726f73747061792e7275,1.3.6.1.4.1.311.60.2.1.2=#130d526f73746f76204f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:22:53:7c:55:de:0a:a2:9b:52:a8:1e:37:75:34:5b:67:0c:3a:a9:ba:c5:6c:b2:91:db:84:48:b4:b7:de:6e
Signer

Actual PE Digest

3f:22:53:7c:55:de:0a:a2:9b:52:a8:1e:37:75:34:5b:67:0c:3a:a9:ba:c5:6c:b2:91:db:84:48:b4:b7:de:6e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installer__opgx99.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:8b:85:78:e4:21:83:fd:1f:84:cf:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16/06/2023, 06:32

Not After

21/07/2025, 13:59

Subject

SERIALNUMBER=1086168004669,CN=ROSTPAY LLC,O=ROSTPAY LLC,STREET=Dolomanovsky lane\, 70D apt.1(10th floor),L=Rostov-on-Don,ST=Rostov Oblast,C=RU,1.2.840.113549.1.9.1=#0c12737570706f727440726f73747061792e7275,1.3.6.1.4.1.311.60.2.1.2=#130d526f73746f76204f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:f2:61:1f:a7:80:70:a7:d1:05:17:86:80:57:dd:2e:3e:fd:2b:92:22:43:cc:20:a6:40:0c:3d:b5:62:73:9d
Signer

Actual PE Digest

3e:f2:61:1f:a7:80:70:a7:d1:05:17:86:80:57:dd:2e:3e:fd:2b:92:22:43:cc:20:a6:40:0c:3d:b5:62:73:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
patch-1781627.exe
.exe windows:5 windows x86 arch:x86

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

36:92:62:2f:d8:26:08:22:46:4f:a3:ed
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/07/2022, 07:27

Not After

21/07/2023, 07:27

Subject

CN=IP Iaroslavskii Anton Andreyevich,O=IP Iaroslavskii Anton Andreyevich,L=Petrozavodsk,ST=Republic of Karelia,C=RU,1.2.840.113549.1.9.1=#0c1666756e646f726167616d65734079616e6465782e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:92:62:2f:d8:26:08:22:46:4f:a3:ed
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/07/2022, 07:27

Not After

21/07/2023, 07:27

Subject

CN=IP Iaroslavskii Anton Andreyevich,O=IP Iaroslavskii Anton Andreyevich,L=Petrozavodsk,ST=Republic of Karelia,C=RU,1.2.840.113549.1.9.1=#0c1666756e646f726167616d65734079616e6465782e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:92:d8:87:be:1c:8a:8c:68:d7:e9:e0:fd:e1:ab:e6:49:4f:f8:06:a2:8b:09:b9:05:9e:1e:84:2d:ff:63:70
Signer

Actual PE Digest

f4:92:d8:87:be:1c:8a:8c:68:d7:e9:e0:fd:e1:ab:e6:49:4f:f8:06:a2:8b:09:b9:05:9e:1e:84:2d:ff:63:70

Digest Algorithm

sha256

PE Digest Matches

true

9d:88:92:64:12:5c:6e:67:79:c6:e0:3f:95:1d:e3:66:15:89:93:ee
Signer

Actual PE Digest

9d:88:92:64:12:5c:6e:67:79:c6:e0:3f:95:1d:e3:66:15:89:93:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 18.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
photoshop-2024-key_id4406296ids1s.exe
.exe windows:6 windows x86 arch:x86

ef9a9e856606405623e1b97b65e4bbdd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc
Signer

Actual PE Digest

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc

Digest Algorithm

sha256

PE Digest Matches

true

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f
Signer

Actual PE Digest

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
getnameinfo
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
shutdown

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext

wldap32

ord117
ord41
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219
ord26
ord208
ord216
ord14
ord46
ord145

kernel32

DisconnectNamedPipe
CreateNamedPipeW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetExitCodeProcess
CreateFileW
SetEndOfFile
SetFilePointer
GetTickCount
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSizeEx
RemoveDirectoryW
GetTempPathW
SetErrorMode
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateProcessW
OpenProcess
GetVersionExW
IsWow64Process
GetModuleFileNameW
GetModuleHandleW
LocalFree
FormatMessageW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
GetLastError
GetCurrentThreadId
IsBadWritePtr
GetSystemTime
GetSystemDefaultUILanguage
SetLastError
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
DecodePointer
FreeLibrary
GetProcAddress
LoadLibraryExW
GlobalHandle
GlobalFree
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
VirtualFree
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceCounter
MoveFileExW
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleA
GetConsoleMode
ReadConsoleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CloseHandle
WriteFile
ReadFile
FindResourceW
SizeofResource
LockResource
LoadResource
TerminateThread
CreateThread
SetFileAttributesW
WriteConsoleW
GetTimeZoneInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
FlushFileBuffers
GetUserDefaultLCID
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
LCMapStringEx
GetStringTypeW
GetCPInfo
ConnectNamedPipe
RtlUnwind
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

SetWindowContextHelpId
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
GetCapture
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
GetActiveWindow
MoveWindow
IsChild
IsWindow
GetCursorPos
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
RegisterWindowMessageW
PostThreadMessageW
PeekMessageW
SendMessageW
GetDesktopWindow
MessageBoxW
GetClientRect
ReleaseDC
GetDC
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
SetForegroundWindow
UnregisterClassW
AllowSetForegroundWindow
GetDlgCtrlID
GetWindowThreadProcessId
EnumWindows
CreateDialogIndirectParamW
ClientToScreen
ScreenToClient
MapWindowPoints
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
DispatchMessageW
TranslateMessage
DrawTextW
GetProcessWindowStation
GetUserObjectInformationW
DestroyCursor
OffsetRect
InflateRect
CopyRect
FrameRect
DrawFocusRect
WindowFromPoint
SetCursor
GetClassInfoExW
DrawStateW
GetMessageW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
MapDialogRect
IsDialogMessageW
LoadImageW
LoadCursorW
EndDialog
LoadBitmapW
BeginPaint

gdi32

ExtTextOutW
MoveToEx
SetTextColor
SetBkMode
SetBkColor
LineTo
CreatePen
CreateBitmap
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ChoosePixelFormat
SetPixelFormat

advapi32

CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptSignHashW
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyHash
CryptGetUserKey
CryptDestroyKey
RegQueryInfoKeyW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegEnumKeyExW
RegEnumValueW
StartServiceW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegSetValueExW
CloseServiceHandle
CryptAcquireContextW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
CoTaskMemRealloc
CoUninitialize
OleRun
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
VariantChangeType
VariantInit
LoadRegTypeLi
LoadTypeLi

shlwapi

AssocQueryStringW

comctl32

InitCommonControlsEx

opengl32

wglCreateContext
wglDeleteContext
wglMakeCurrent
glGetString

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
photoshop-cc-2017_id4406978ids1s.exe
.exe windows:6 windows x86 arch:x86

ef9a9e856606405623e1b97b65e4bbdd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc
Signer

Actual PE Digest

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc

Digest Algorithm

sha256

PE Digest Matches

true

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f
Signer

Actual PE Digest

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
getnameinfo
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
shutdown

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext

wldap32

ord117
ord41
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219
ord26
ord208
ord216
ord14
ord46
ord145

kernel32

DisconnectNamedPipe
CreateNamedPipeW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetExitCodeProcess
CreateFileW
SetEndOfFile
SetFilePointer
GetTickCount
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSizeEx
RemoveDirectoryW
GetTempPathW
SetErrorMode
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateProcessW
OpenProcess
GetVersionExW
IsWow64Process
GetModuleFileNameW
GetModuleHandleW
LocalFree
FormatMessageW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
GetLastError
GetCurrentThreadId
IsBadWritePtr
GetSystemTime
GetSystemDefaultUILanguage
SetLastError
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
DecodePointer
FreeLibrary
GetProcAddress
LoadLibraryExW
GlobalHandle
GlobalFree
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
VirtualFree
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceCounter
MoveFileExW
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleA
GetConsoleMode
ReadConsoleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CloseHandle
WriteFile
ReadFile
FindResourceW
SizeofResource
LockResource
LoadResource
TerminateThread
CreateThread
SetFileAttributesW
WriteConsoleW
GetTimeZoneInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
FlushFileBuffers
GetUserDefaultLCID
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
LCMapStringEx
GetStringTypeW
GetCPInfo
ConnectNamedPipe
RtlUnwind
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

SetWindowContextHelpId
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
GetCapture
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
GetActiveWindow
MoveWindow
IsChild
IsWindow
GetCursorPos
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
RegisterWindowMessageW
PostThreadMessageW
PeekMessageW
SendMessageW
GetDesktopWindow
MessageBoxW
GetClientRect
ReleaseDC
GetDC
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
SetForegroundWindow
UnregisterClassW
AllowSetForegroundWindow
GetDlgCtrlID
GetWindowThreadProcessId
EnumWindows
CreateDialogIndirectParamW
ClientToScreen
ScreenToClient
MapWindowPoints
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
DispatchMessageW
TranslateMessage
DrawTextW
GetProcessWindowStation
GetUserObjectInformationW
DestroyCursor
OffsetRect
InflateRect
CopyRect
FrameRect
DrawFocusRect
WindowFromPoint
SetCursor
GetClassInfoExW
DrawStateW
GetMessageW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
MapDialogRect
IsDialogMessageW
LoadImageW
LoadCursorW
EndDialog
LoadBitmapW
BeginPaint

gdi32

ExtTextOutW
MoveToEx
SetTextColor
SetBkMode
SetBkColor
LineTo
CreatePen
CreateBitmap
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ChoosePixelFormat
SetPixelFormat

advapi32

CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptSignHashW
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyHash
CryptGetUserKey
CryptDestroyKey
RegQueryInfoKeyW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegEnumKeyExW
RegEnumValueW
StartServiceW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegSetValueExW
CloseServiceHandle
CryptAcquireContextW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
CoTaskMemRealloc
CoUninitialize
OleRun
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
VariantChangeType
VariantInit
LoadRegTypeLi
LoadTypeLi

shlwapi

AssocQueryStringW

comctl32

InitCommonControlsEx

opengl32

wglCreateContext
wglDeleteContext
wglMakeCurrent
glGetString

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
photoshop-cc-2017_id4408005ids1s.exe
.exe windows:6 windows x86 arch:x86

ef9a9e856606405623e1b97b65e4bbdd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc
Signer

Actual PE Digest

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc

Digest Algorithm

sha256

PE Digest Matches

true

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f
Signer

Actual PE Digest

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
getnameinfo
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
shutdown

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext

wldap32

ord117
ord41
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219
ord26
ord208
ord216
ord14
ord46
ord145

kernel32

DisconnectNamedPipe
CreateNamedPipeW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetExitCodeProcess
CreateFileW
SetEndOfFile
SetFilePointer
GetTickCount
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSizeEx
RemoveDirectoryW
GetTempPathW
SetErrorMode
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateProcessW
OpenProcess
GetVersionExW
IsWow64Process
GetModuleFileNameW
GetModuleHandleW
LocalFree
FormatMessageW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
GetLastError
GetCurrentThreadId
IsBadWritePtr
GetSystemTime
GetSystemDefaultUILanguage
SetLastError
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
DecodePointer
FreeLibrary
GetProcAddress
LoadLibraryExW
GlobalHandle
GlobalFree
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
VirtualFree
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceCounter
MoveFileExW
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleA
GetConsoleMode
ReadConsoleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CloseHandle
WriteFile
ReadFile
FindResourceW
SizeofResource
LockResource
LoadResource
TerminateThread
CreateThread
SetFileAttributesW
WriteConsoleW
GetTimeZoneInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
FlushFileBuffers
GetUserDefaultLCID
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
LCMapStringEx
GetStringTypeW
GetCPInfo
ConnectNamedPipe
RtlUnwind
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

SetWindowContextHelpId
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
GetCapture
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
GetActiveWindow
MoveWindow
IsChild
IsWindow
GetCursorPos
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
RegisterWindowMessageW
PostThreadMessageW
PeekMessageW
SendMessageW
GetDesktopWindow
MessageBoxW
GetClientRect
ReleaseDC
GetDC
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
SetForegroundWindow
UnregisterClassW
AllowSetForegroundWindow
GetDlgCtrlID
GetWindowThreadProcessId
EnumWindows
CreateDialogIndirectParamW
ClientToScreen
ScreenToClient
MapWindowPoints
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
DispatchMessageW
TranslateMessage
DrawTextW
GetProcessWindowStation
GetUserObjectInformationW
DestroyCursor
OffsetRect
InflateRect
CopyRect
FrameRect
DrawFocusRect
WindowFromPoint
SetCursor
GetClassInfoExW
DrawStateW
GetMessageW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
MapDialogRect
IsDialogMessageW
LoadImageW
LoadCursorW
EndDialog
LoadBitmapW
BeginPaint

gdi32

ExtTextOutW
MoveToEx
SetTextColor
SetBkMode
SetBkColor
LineTo
CreatePen
CreateBitmap
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ChoosePixelFormat
SetPixelFormat

advapi32

CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptSignHashW
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyHash
CryptGetUserKey
CryptDestroyKey
RegQueryInfoKeyW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegEnumKeyExW
RegEnumValueW
StartServiceW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegSetValueExW
CloseServiceHandle
CryptAcquireContextW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
CoTaskMemRealloc
CoUninitialize
OleRun
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
VariantChangeType
VariantInit
LoadRegTypeLi
LoadTypeLi

shlwapi

AssocQueryStringW

comctl32

InitCommonControlsEx

opengl32

wglCreateContext
wglDeleteContext
wglMakeCurrent
glGetString

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
photoshop_2022_id4408373ids1s.exe
.exe windows:6 windows x86 arch:x86

ef9a9e856606405623e1b97b65e4bbdd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f2:7c:b5:1d:02:e6:b6:f0:22:b5:f2:3e:ea:68:86
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/09/2023, 00:00

Not After

04/09/2026, 23:59

Subject

CN=Global Microtrading PTE. LTD,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc
Signer

Actual PE Digest

42:78:b9:b8:5b:38:52:e9:51:02:bd:91:d6:c9:a3:10:48:8f:78:a8:6e:90:28:af:72:5b:af:be:71:31:09:cc

Digest Algorithm

sha256

PE Digest Matches

true

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f
Signer

Actual PE Digest

cf:2b:a3:c8:1a:c9:21:ac:fa:03:24:96:d2:9d:dc:dd:b7:61:a1:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
getnameinfo
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
shutdown

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext

wldap32

ord117
ord41
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219
ord26
ord208
ord216
ord14
ord46
ord145

kernel32

DisconnectNamedPipe
CreateNamedPipeW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetExitCodeProcess
CreateFileW
SetEndOfFile
SetFilePointer
GetTickCount
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSizeEx
RemoveDirectoryW
GetTempPathW
SetErrorMode
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateProcessW
OpenProcess
GetVersionExW
IsWow64Process
GetModuleFileNameW
GetModuleHandleW
LocalFree
FormatMessageW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
GetLastError
GetCurrentThreadId
IsBadWritePtr
GetSystemTime
GetSystemDefaultUILanguage
SetLastError
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
DecodePointer
FreeLibrary
GetProcAddress
LoadLibraryExW
GlobalHandle
GlobalFree
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
VirtualFree
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceCounter
MoveFileExW
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleA
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleA
GetConsoleMode
ReadConsoleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CloseHandle
WriteFile
ReadFile
FindResourceW
SizeofResource
LockResource
LoadResource
TerminateThread
CreateThread
SetFileAttributesW
WriteConsoleW
GetTimeZoneInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
FlushFileBuffers
GetUserDefaultLCID
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
LCMapStringEx
GetStringTypeW
GetCPInfo
ConnectNamedPipe
RtlUnwind
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

SetWindowContextHelpId
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
GetCapture
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
GetActiveWindow
MoveWindow
IsChild
IsWindow
GetCursorPos
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
RegisterWindowMessageW
PostThreadMessageW
PeekMessageW
SendMessageW
GetDesktopWindow
MessageBoxW
GetClientRect
ReleaseDC
GetDC
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
SetForegroundWindow
UnregisterClassW
AllowSetForegroundWindow
GetDlgCtrlID
GetWindowThreadProcessId
EnumWindows
CreateDialogIndirectParamW
ClientToScreen
ScreenToClient
MapWindowPoints
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
DispatchMessageW
TranslateMessage
DrawTextW
GetProcessWindowStation
GetUserObjectInformationW
DestroyCursor
OffsetRect
InflateRect
CopyRect
FrameRect
DrawFocusRect
WindowFromPoint
SetCursor
GetClassInfoExW
DrawStateW
GetMessageW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
MapDialogRect
IsDialogMessageW
LoadImageW
LoadCursorW
EndDialog
LoadBitmapW
BeginPaint

gdi32

ExtTextOutW
MoveToEx
SetTextColor
SetBkMode
SetBkColor
LineTo
CreatePen
CreateBitmap
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ChoosePixelFormat
SetPixelFormat

advapi32

CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptSignHashW
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyHash
CryptGetUserKey
CryptDestroyKey
RegQueryInfoKeyW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegEnumKeyExW
RegEnumValueW
StartServiceW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegSetValueExW
CloseServiceHandle
CryptAcquireContextW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
CoTaskMemRealloc
CoUninitialize
OleRun
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
VariantChangeType
VariantInit
LoadRegTypeLi
LoadTypeLi

shlwapi

AssocQueryStringW

comctl32

InitCommonControlsEx

opengl32

wglCreateContext
wglDeleteContext
wglMakeCurrent
glGetString

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40ab50289f7ef5fae60801f88d4541fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

user32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 662KB - Virtual size: 661KB

.itext Size: 7KB - Virtual size: 6KB

.data Size: 14KB - Virtual size: 14KB

.bss Size: - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 420B

.edata Size: 512B - Virtual size: 113B

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 68KB - Virtual size: 68KB

d65e30146b16dbd7905cef42c0dae1eb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

65:30:e6:32:71:e8:11:e7:67:7b:e5:4aCertificate

Extended Key Usages

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

65:30:e6:32:71:e8:11:e7:67:7b:e5:4aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f1:f2:29:a2:b5:27:b4:0d:fc:e0:c2:a9:de:fb:18:28:62:03:83:0b:9d:c1:9a:74:66:fc:0a:03:2a:35:c3:e5Signer

7f:74:d1:e8:59:3f:9a:69:85:0d:d3:40:87:b7:1b:45:17:b4:60:5eSigner

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

crypt32

ws2_32

normaliz

kernel32

user32

gdi32

advapi32

shell32

ole32

.text
Size: 662KB - Virtual size: 661KB

.itext
Size: 7KB - Virtual size: 6KB

.data
Size: 14KB - Virtual size: 14KB

.bss
Size: - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 420B

.edata
Size: 512B - Virtual size: 113B

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 68KB - Virtual size: 68KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f1:f2:29:a2:b5:27:b4:0d:fc:e0:c2:a9:de:fb:18:28:62:03:83:0b:9d:c1:9a:74:66:fc:0a:03:2a:35:c3:e5
Signer

7f:74:d1:e8:59:3f:9a:69:85:0d:d3:40:87:b7:1b:45:17:b4:60:5e
Signer

.text
Size: 627KB - Virtual size: 626KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 87KB - Virtual size: 86KB

.reloc
Size: 34KB - Virtual size: 33KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

65:30:e6:32:71:e8:11:e7:67:7b:e5:4a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a0:51:c6:90:e0:22:82:72:9d:da:c1:47:30:cc:1b:0f:14:31:60:76:56:90:04:80:80:40:8b:07:bb:2a:00:9a
Signer

a5:ea:8b:e7:4c:dd:84:d4:b9:08:e4:30:56:c0:c0:99:00:ce:49:f6
Signer