be97e750745f18e223e44d1ae8fed09d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be97e750745f18e223e44d1ae8fed09d_JaffaCakes118
Size

12.9MB
MD5

be97e750745f18e223e44d1ae8fed09d
SHA1

8d16a312bf9811462a8ab1a74cd5f3ce48bf44a3
SHA256

b1e420db4a4e1d6e17d0d5431587b7774722ece3eabc31d9b5fbe75146f6b31f
SHA512

d32ea1b0a1a4e1fd1e58c63c8899003ecc16b5898185ec95e1071f4fb8c10d53c2db175ac84929dcadcb9c8b1d295f14257ffb90d5da5a9e7f7ff8ac615419eb
SSDEEP

393216:vmng8hrD4L3WLWTKB365H8oiuTeRTWW34qQR3T:+ngS16N5/b44DR3T

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Windows Sysinternals Suite 2011.02.23/DMON.SYS
unpack001/Windows Sysinternals Suite 2011.02.23/ctrl2cap.nt4.sys
unpack001/Windows Sysinternals Suite 2011.02.23/ctrl2cap.nt5.sys

Files

be97e750745f18e223e44d1ae8fed09d_JaffaCakes118
.zip
155ɫվ.url
.url
Windows Sysinternals Suite 2011.02.23/ADExplorer.exe
.exe windows:5 windows x86 arch:x86

fc22a526c18358f987f144e2ac31d338

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2f:d4:4e:d4:2b:d9:7a:7d:c3:b0:f9:7b:8c:27:d5:6c:23:f4:3b:b4
Signer

Actual PE Digest

2f:d4:4e:d4:2b:d9:7a:7d:c3:b0:f9:7b:8c:27:d5:6c:23:f4:3b:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\ADExplorer\Release\ADExplorer.pdb

Imports

netapi32

NetUserGetGroups
NetUserGetLocalGroups

rpcrt4

UuidFromStringW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

LCMapStringA
GetConsoleMode
GetConsoleCP
GetModuleHandleA
DebugBreak
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
LCMapStringW
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
GetStringTypeA
GetCurrentThreadId
SetLastError
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ResumeThread
ExitThread
HeapSize
HeapAlloc
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
ExpandEnvironmentStringsA
GetProcessHeap
HeapFree
WideCharToMultiByte
lstrlenA
WriteFile
FileTimeToLocalFileTime
GetCurrentProcess
FreeLibrary
GetSystemInfo
GetLastError
Sleep
GetSystemTimeAsFileTime
MultiByteToWideChar
CreateFileW
ReadFile
GetSystemDirectoryW
OutputDebugStringW
GetFileSize
TlsAlloc
FormatMessageW
TlsSetValue
GetUserDefaultLangID
TlsGetValue
GetSystemDefaultLangID
LocalAlloc
LocalFree
GetTimeZoneInformation
FileTimeToSystemTime
GetTimeFormatW
CompareFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
DeleteFileW
CloseHandle
DeleteCriticalSection
CreateFileMappingW
GlobalFree
EnterCriticalSection
GetProcAddress
GlobalUnlock
CompareStringW
GetModuleFileNameW
GetFileAttributesW
LeaveCriticalSection
GetVersionExW
LoadLibraryW
GlobalAlloc
InitializeCriticalSection
GetTickCount
GetModuleHandleW
GlobalLock
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetCommandLineW
SetStdHandle
FlushFileBuffers
VirtualQuery
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

user32

DispatchMessageW
MoveWindow
CheckMenuItem
MsgWaitForMultipleObjects
DrawTextW
PostMessageW
SetCapture
LoadImageW
TrackPopupMenu
PostQuitMessage
GetMessageW
GetWindowRect
ScreenToClient
GetDlgItemInt
TranslateAcceleratorW
CloseClipboard
GetWindowTextLengthW
SetCursor
SetWindowPlacement
DestroyWindow
ClientToScreen
EndPaint
DialogBoxIndirectParamW
CopyIcon
IsZoomed
GetSubMenu
DeleteMenu
GetFocus
DialogBoxParamW
GetParent
LoadCursorW
MessageBeep
MenuItemFromPoint
GetClientRect
SetFocus
GetMenuItemInfoW
BeginPaint
PtInRect
SetPropW
InsertMenuItemW
TranslateMessage
LoadAcceleratorsW
InflateRect
ChildWindowFromPoint
SetDlgItemInt
GetMenu
IsDialogMessageW
DefWindowProcW
CallWindowProcW
GetPropW
DrawFrameControl
EndDeferWindowPos
DestroyIcon
SetWindowTextW
DestroyMenu
SetClipboardData
RegisterClassExW
LoadIconW
GetWindowPlacement
OffsetRect
InvalidateRect
LoadMenuW
GetWindowLongW
AppendMenuW
GetWindowTextW
PeekMessageW
GetClassNameW
EnableMenuItem
EmptyClipboard
GetDlgItem
SetWindowLongW
EndDialog
SendDlgItemMessageW
GetSysColor
SetWindowPos
CheckDlgButton
EnumChildWindows
ShowWindow
CreatePopupMenu
GetSysColorBrush
IsDlgButtonChecked
CreateDialogParamW
DrawMenuBar
GetActiveWindow
GetMenuItemCount
CreateWindowExW
SetMenuDefaultItem
OpenClipboard
DeferWindowPos
MessageBoxW
ReleaseCapture
BeginDeferWindowPos
GetSystemMetrics
IsWindowVisible
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
MapWindowPoints
UpdateWindow
EnableWindow

gdi32

SetBkColor
ExtTextOutW
EndPage
StartPage
GetDeviceCaps
SetMapMode
SetTextColor
CreateFontIndirectW
SetBkMode
SelectObject
GetObjectW
EndDoc
GetStockObject
StartDocW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

advapi32

GetSecurityDescriptorLength
RegDeleteValueW
RegCreateKeyW
RegEnumValueW
RegSetValueExW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSid
GetSecurityDescriptorOwner
GetSidIdentifierAuthority
GetSidSubAuthority
MapGenericMask
GetSidSubAuthorityCount
EqualSid
GetAce
LookupAccountSidW
AllocateAndInitializeSid
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteW

ole32

CoInitialize
CreateBindCtx
CoUninitialize
CoCreateInstance
IIDFromString
StringFromGUID2

oleaut32

SafeArrayAccessData
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
VarDateFromStr
VariantChangeType
VariantInit
SysAllocStringByteLen
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

comctl32

ImageList_Draw
CreateToolbarEx
CreatePropertySheetPageW
ImageList_Create
ImageList_ReplaceIcon
ImageList_EndDrag
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragLeave
ImageList_DragEnter
ord17
CreateStatusWindowW
PropertySheetW

activeds

ord9
ord20
ord15
ord12
ord13
ord7

wldap32

ord155
ord118
ord14
ord73
ord145
ord13
ord188
ord88

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/ADInsight.chm
.chm
Windows Sysinternals Suite 2011.02.23/ADInsight.exe
.exe windows:4 windows x86 arch:x86

d140f11cc65811212afe98adaa36a53a

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:6b:93:35:a4:b0:80:6a:fb:98:bd:67:94:dc:81:9d:e7:2b:78:88
Signer

Actual PE Digest

e6:6b:93:35:a4:b0:80:6a:fb:98:bd:67:94:dc:81:9d:e7:2b:78:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\ADInsight\Exe\release\ADInsight.pdb

Imports

comctl32

ImageList_ReplaceIcon
ord17
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_Draw
ImageList_Add
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
ImageList_LoadImageW

ws2_32

WSACleanup
WSAStartup

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

SetThreadPriority
WaitForSingleObject
ResetEvent
SetEvent
GetLastError
SetWaitableTimer
WaitNamedPipeW
MoveFileExW
GetCurrentProcess
SetNamedPipeHandleState
GetVersionExW
OutputDebugStringW
ReleaseMutex
CreateWaitableTimerW
CreateFileW
LeaveCriticalSection
lstrlenW
GetCurrentThreadId
EnterCriticalSection
InitializeCriticalSection
MultiByteToWideChar
SetLastError
GlobalAlloc
GetTimeFormatW
GlobalUnlock
FileTimeToSystemTime
GlobalLock
GlobalReAlloc
HeapAlloc
CreateThread
HeapFree
GetProcessHeap
WriteFile
ReadFile
GetOverlappedResult
WaitForMultipleObjects
GetUserDefaultLangID
ReadProcessMemory
InterlockedIncrement
GetExitCodeThread
LoadLibraryA
GetStringTypeA
SetFilePointer
GetCurrentProcessId
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
HeapSize
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
CreateNamedPipeW
InterlockedDecrement
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
DeleteCriticalSection
RtlUnwind
RaiseException
GetStartupInfoA
GetVersionExA
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
ResumeThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ConnectNamedPipe
lstrcmpW
GetCommandLineW
CreateEventW
GetTickCount
LocalFree
GetCurrentDirectoryW
OpenProcess
GetModuleHandleW
CloseHandle
lstrcmpiW
LoadLibraryW
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
FlushFileBuffers
GetComputerNameW
GetProcAddress
Sleep
WideCharToMultiByte
LoadResource
LockResource
FindResourceW
GetTempPathW
FindResourceExW
GetTempFileNameW
DeleteFileW
SizeofResource
GetModuleFileNameW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeW
GetLocaleInfoA
SetStdHandle
GetACP
SetEndOfFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExpandEnvironmentStringsA

user32

CloseClipboard
EmptyClipboard
OpenClipboard
DrawFocusRect
RegisterClassExW
DrawFrameControl
OffsetRect
EndPaint
SystemParametersInfoW
SetRect
DrawTextW
GetDCEx
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
BeginPaint
PtInRect
GetSystemMetrics
GetDesktopWindow
GetIconInfo
UpdateWindow
ClientToScreen
CreateDialogParamW
GetWindowLongW
AppendMenuW
DeferWindowPos
GetWindowTextW
InvalidateRgn
DestroyMenu
LoadImageW
GetMenuState
GetActiveWindow
DispatchMessageW
EndDeferWindowPos
CreateIconIndirect
GetSubMenu
CreateWindowExW
DestroyWindow
ScreenToClient
ShowWindow
LoadIconW
FindWindowW
DefWindowProcW
MessageBoxW
IsChild
GetClientRect
SetWindowPos
CheckMenuItem
CreatePopupMenu
GetWindow
GetClassNameW
SendMessageTimeoutW
IsZoomed
IsIconic
CallWindowProcW
TrackMouseEvent
GetDlgItemTextW
GetDlgCtrlID
GetMessageW
GetWindowThreadProcessId
ReleaseCapture
TranslateAcceleratorW
PostQuitMessage
SetDlgItemInt
SetCapture
BeginDeferWindowPos
GetDlgItemInt
GetFocus
GetMenu
LoadMenuW
IsWindow
SetFocus
IsDialogMessageW
RegisterClassW
DestroyAcceleratorTable
PostMessageW
DialogBoxParamW
GetCursorPos
GetDC
SetWindowLongW
SetWindowTextW
TrackPopupMenu
MessageBeep
RegisterWindowMessageW
SetMenuItemInfoW
WaitForInputIdle
KillTimer
SendMessageW
ReleaseDC
SetForegroundWindow
EnableMenuItem
TranslateMessage
LoadStringW
IsDlgButtonChecked
CheckDlgButton
LoadAcceleratorsW
SetTimer
GetMenuItemInfoW
InvalidateRect
GetSysColor
GetWindowRect
SetDlgItemTextW
GetParent
GetSysColorBrush
ChildWindowFromPoint
LoadCursorW
GetDlgItem
MoveWindow
EndDialog
SetCursor
GetDlgItemTextA
SetDlgItemTextA
FlashWindow
CheckRadioButton
DrawIconEx
EnableWindow
FillRect
SetClipboardData
DestroyIcon
UnregisterClassA

gdi32

GetTextExtentPoint32W
LineTo
MoveToEx
SetBkColor
GetDIBits
BitBlt
CreateSolidBrush
DeleteDC
CreateCompatibleDC
CreateDIBSection
DeleteObject
CreateCompatibleBitmap
GetTextMetricsW
SetBkMode
SelectObject
SetTextColor
GetObjectW
CreateFontIndirectW
ExtTextOutW
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW
ChooseFontW
ChooseColorW

advapi32

RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueW
RegCreateKeyW
RegQueryValueExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupAccountSidW
GetTokenInformation
RegOpenKeyW
ConvertSidToStringSidW
IsValidSid

shell32

SHGetFileInfoW
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteW

shlwapi

SHDeleteKeyW

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 584KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/AccessEnum.exe
.exe windows:4 windows x86 arch:x86

83787f51a42290311b4f8e08f0802867

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

bc:e2:6e:0f:15:48:9a:32:45:f6:3b:ef:ad:6d:fc:65:37:59:76:36
Signer

Actual PE Digest

bc:e2:6e:0f:15:48:9a:32:45:f6:3b:ef:ad:6d:fc:65:37:59:76:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetStartupInfoA
LocalAlloc
LocalFree
OpenProcess
CompareStringW
GetModuleHandleW
GetCurrentProcess
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetProcAddress
GetLastError
CreateThread
FormatMessageW
SetThreadPriority
ResumeThread
DeleteFileW
GetFileAttributesW
Sleep
GetEnvironmentVariableW
InterlockedIncrement
CreateFileW
WriteFile
CloseHandle
InterlockedDecrement
lstrlenW

user32

GetSysColor
GetDlgItem
LoadCursorW
GetParent
GetSysColorBrush
SetCursor
InvalidateRect
ChildWindowFromPoint
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
EndPaint
DrawFrameControl
EnableWindow
DefWindowProcW
PostQuitMessage
DestroyMenu
TrackPopupMenu
SetMenuItemInfoW
GetWindowRect
MoveWindow
EndDialog
LoadIconW
SendMessageW
EnableMenuItem
GetSubMenu
LoadMenuW
GetFocus
ChildWindowFromPointEx
MapWindowPoints
SetWindowLongW
GetWindowLongW
SetWindowTextW
CheckMenuItem
GetMenuItemInfoW
GetMenu
CreateDialogParamW
GetDlgItemTextW
GetClientRect
BeginPaint
PtInRect
wsprintfW
IsWindowEnabled
DialogBoxParamW
SetClassLongW
PostMessageW
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
UpdateWindow
ShowWindow
RegisterClassExW
InflateRect
DialogBoxIndirectParamW
FindWindowW
WaitForInputIdle
SetForegroundWindow
FindWindowExW
SetFocus
GetWindowThreadProcessId
CreatePopupMenu
InsertMenuItemW
GetCursorPos
SetWindowPos
LoadImageW
ScreenToClient
GetClassNameW
DeferWindowPos
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
OffsetRect
UnionRect
GetPropW
CallWindowProcW
IsZoomed
GetSystemMetrics
DestroyIcon
MessageBoxW
SetPropW

gdi32

SetMapMode
StartDocW
StartPage
GetDeviceCaps
EndPage
EndDoc
SetBkMode
SetTextColor
SelectObject
GetStockObject
GetObjectW
CreateFontIndirectW

comdlg32

PrintDlgW
GetOpenFileNameW
GetSaveFileNameW

advapi32

GetSidLengthRequired
RegEnumKeyExW
RegGetKeySecurity
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
InitializeSid
LookupAccountNameW
GetTokenInformation
OpenProcessToken
RegCreateKeyW
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountSidW
GetLengthSid
EqualSid
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAce
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
RegEnumKeyW
RegCloseKey
RegQueryInfoKeyW
GetFileSecurityW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW

ole32

CoInitializeEx

oleaut32

VariantChangeType
SetErrorInfo
GetErrorInfo
VariantClear
CreateErrorInfo
VariantInit
VarDateFromStr
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString

comctl32

ord17
ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetWkstaUserGetInfo
NetUserGetGroups

mpr

WNetGetConnectionW

msvcrt

_ftol
swprintf
isspace
wcschr
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_CxxThrowException
malloc
toupper
swscanf
vswprintf
_wfopen
fgetwc
fclose
strlen
strcpy
wcscmp
_purecall
_wcsnicmp
iswspace
wcsncpy
_except_handler3
memset
wcscat
free
wcslen
_EH_prolog
__CxxFrameHandler
??3@YAXPAX@Z
qsort
memcpy
_wcsdup
wcscpy
_wcsicmp
realloc
??2@YAPAXI@Z

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/AdExplorer.chm
.chm
Windows Sysinternals Suite 2011.02.23/Autologon.exe
.exe windows:5 windows x86 arch:x86

4ce8081fec5118c8facf8bc0e3182f2f

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:c5:06:e6:82:45:b3:7d:93:5e:a2:89:1e:3c:bd:fa:6a:61:fc:f6
Signer

Actual PE Digest

22:c5:06:e6:82:45:b3:7d:93:5e:a2:89:1e:3c:bd:fa:6a:61:fc:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\autolog\Release\Autologon.pdb

Imports

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetConsoleMode
CloseHandle
GetStringTypeW
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
RtlUnwind
CreateFileA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
CompareStringA
CompareStringW
LocalAlloc
LocalFree
GetModuleHandleW
GetCommandLineW
GetVersion
LoadLibraryW
GetProcAddress
GetConsoleCP
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
SetEnvironmentVariableA

user32

DialogBoxIndirectParamW
SetWindowTextW
InflateRect
SendMessageW
LoadIconW
RegisterClassExW
CreateDialogParamW
ShowWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DialogBoxParamW
GetDlgItemTextW
SetDlgItemTextW
GetWindowRect
OffsetRect
GetSystemMetrics
MoveWindow
GetDlgItem
LoadCursorW
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
MessageBoxW
EndDialog
PostQuitMessage
DefWindowProcW

gdi32

GetDeviceCaps
SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetStockObject
GetObjectW
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

comdlg32

PrintDlgW

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
LsaOpenPolicy
LsaStorePrivateData
RegDeleteValueW
LsaClose
RegCloseKey
RegCreateKeyW

shell32

CommandLineToArgvW
ShellExecuteW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Bginfo.exe
.exe windows:5 windows x86 arch:x86

eff09afa7e526da6d25d5f8921e5e252

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/01/2009, 01:58

Not After

20/03/2010, 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:a4:a2:d6:09:8c:cf:4a:1f:24:ab:74:07:06:9e:83:e6:07:9a:ff
Signer

Actual PE Digest

d8:a4:a2:d6:09:8c:cf:4a:1f:24:ab:74:07:06:9e:83:e6:07:9a:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\BgInfo\Release\Bginfo.pdb

Imports

wsock32

WSAStartup

comctl32

CreateToolbarEx
ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

snmpapi

SnmpSvcGetUptime
SnmpUtilOidCpy
SnmpUtilOidNCmp

kernel32

GlobalFlags
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentProcessId
GetCPInfo
GetOEMCP
GetAtomNameA
GetThreadLocale
GetModuleHandleW
GetPrivateProfileIntA
lstrlenW
GetProcessHeap
HeapFree
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
CompareStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
DuplicateHandle
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetTimeZoneInformation
GetStdHandle
LCMapStringW
LCMapStringA
HeapDestroy
SetFilePointer
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
VirtualProtect
GetCommandLineA
SetEnvironmentVariableA
DeleteFileA
GetFileAttributesA
FreeLibrary
GetEnvironmentStrings
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineW
GetModuleHandleA
GetFullPathNameA
ExitProcess
GetModuleFileNameA
WaitForMultipleObjects
GetExitCodeProcess
TerminateProcess
OpenProcess
GetVersionExA
WideCharToMultiByte
CreateDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
GetComputerNameA
LoadLibraryA
GetProcAddress
GlobalMemoryStatus
FileTimeToLocalFileTime
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
SystemTimeToFileTime
GetLogicalDriveStringsA
GetDriveTypeA
SetErrorMode
GetVolumeInformationA
GetDiskFreeSpaceA
FindFirstFileA
FindClose
GetFileSize
ReadFile
GetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
GetWindowsDirectoryA
FindResourceA
LoadResource
SizeofResource
LockResource
ExpandEnvironmentStringsA
GetSystemInfo
GetCurrentThread
SetThreadAffinityMask
Sleep
GetCurrentProcess
GetProcessAffinityMask
GetLocalTime
CreateFileA
GetLastError
WriteFile
SetEndOfFile
CloseHandle
InterlockedDecrement
FormatMessageA
lstrlenA
LocalAlloc
GetSystemDirectoryA
LocalFree
InterlockedIncrement
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryA
MoveFileA
GetStringTypeExA
lstrcmpiA
FlushFileBuffers
LockFile
UnlockFile
GetEnvironmentStringsW
HeapCreate
FatalAppExitA
IsValidCodePage
GetACP
CreateThread
ExitThread
HeapSize
GetStartupInfoA
VirtualAlloc
VirtualFree
RaiseException
HeapAlloc
HeapReAlloc
RtlUnwind
lstrcmpA
GetModuleFileNameW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
CopyFileA
GlobalSize
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GetFileTime
GetFileSizeEx
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetShortPathNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
SetLastError

user32

FillRect
SubtractRect
InflateRect
GetSysColor
SystemParametersInfoA
DrawEdge
DrawIconEx
SetCapture
RegisterClipboardFormatA
EnableMenuItem
CheckMenuItem
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterClassExA
SetWindowPlacement
IntersectRect
LoadAcceleratorsA
GetMessageA
GetActiveWindow
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowPlacement
DestroyWindow
GetMenu
GetMenuItemInfoA
SetMenuItemInfoA
GetWindow
GetSystemMetrics
GetDlgCtrlID
CopyRect
SetScrollInfo
GetScrollInfo
EqualRect
RegisterClassA
GetClassInfoA
GetClassInfoExA
GetMenuItemCount
GetMenuItemID
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenuEx
ScrollWindow
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
IsWindow
GetFocus
RemovePropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
GetMenuState
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
RemoveMenu
InsertMenuA
AppendMenuA
GetMenuStringA
GetDlgItemInt
SetDlgItemInt
IsWindowEnabled
ScrollWindowEx
DestroyMenu
ClientToScreen
SetSysColors
ValidateRect
TabbedTextOutA
DrawTextExA
GrayStringA
GetWindowDC
GetWindowThreadProcessId
SetRectEmpty
UnregisterClassA
ShowOwnedPopups
DeleteMenu
DestroyIcon
CharUpperA
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
ReleaseCapture
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
GetKeyNameTextA
MapVirtualKeyA
IsRectEmpty
GetSystemMenu
SetParent
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDCEx
LockWindowUpdate
GetDialogBaseUnits
SetTimer
LoadStringA
IsIconic
CheckMenuRadioItem
CreateDialogParamA
GetWindowTextLengthA
KillTimer
GetWindowTextA
IsZoomed
PtInRect
DrawFrameControl
DefWindowProcA
IsWindowVisible
GetCursorPos
LoadMenuA
GetSubMenu
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
AdjustWindowRectEx
SetWindowPos
UpdateWindow
ShowWindow
EnableWindow
CheckRadioButton
BeginPaint
EndPaint
DialogBoxParamA
GetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
LoadIconA
PostMessageA
ChildWindowFromPoint
SetFocus
MoveWindow
CreateWindowExA
FrameRect
MapWindowPoints
CallWindowProcA
SetDlgItemTextA
MessageBoxA
PostQuitMessage
SetWindowLongA
SetPropA
GetPropA
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
GetClientRect
UnionRect
GetParent
GetClassNameA
GetWindowLongA
InvalidateRect
DeferWindowPos
GetWindowRect
ScreenToClient
DialogBoxIndirectParamA
GetDlgItem
OffsetRect
GetSysColorBrush
GetUserObjectInformationA
GetProcessWindowStation
EndDialog
LoadCursorA
LoadImageA
GetDC
ReleaseDC
GetDesktopWindow
PostThreadMessageA
SendMessageA
SetWindowTextA
DrawTextA
SetCursor

gdi32

PatBlt
CreateFontA
ExtTextOutA
DPtoLP
CreateBitmap
GetMapMode
SetBkColor
EnumFontsA
CreateHalftonePalette
GetDIBColorTable
UpdateColors
SetTextColor
GetStockObject
CreateFontIndirectA
GetPixel
StartDocA
StartPage
EndPage
EndDoc
CreatePen
MoveToEx
LineTo
SetPixel
CreatePalette
GetPaletteEntries
SetDIBColorTable
UnrealizeObject
SelectPalette
RealizePalette
CreateSolidBrush
SetStretchBltMode
SetBrushOrgEx
StretchBlt
BitBlt
SetBkMode
DeleteDC
GetSystemPaletteEntries
GetNearestColor
GdiFlush
GetObjectA
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
CreateDIBSection
GetDeviceCaps
GetDCOrgEx
GetClipBox
CopyMetaFileA
CreateDCA
GetTextExtentPoint32A
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SetMapMode
GetTextMetricsA
GetBkColor
CombineRgn
SetRectRgn
CreateRectRgnIndirect
StretchDIBits
GetCharWidthA
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectClipPath

comdlg32

GetOpenFileNameA
ChooseColorA
PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
GetFileTitleA

advapi32

RegSetValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
RegDeleteKeyA
RegEnumValueA
RegCreateKeyExA
StartServiceCtrlDispatcherA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
DeleteService
QueryServiceStatus
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
RegOpenKeyA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
RegDeleteValueA
RegSetValueExA
GetUserNameA
RegEnumKeyExA
RegQueryValueA

shell32

DragQueryFileA
SHChangeNotify
Shell_NotifyIconA
ShellExecuteA
SHAppBarMessage
ExtractIconA
SHGetFileInfoA
DragFinish

ole32

CLSIDFromString
CoInitializeEx
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoDisconnectObject
StringFromGUID2
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleInitialize
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
OleRegGetUserType

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
SafeArrayGetLBound
LoadRegTypeLi
SafeArrayGetElement
VariantChangeType
SysAllocString
SysStringLen
OleLoadPicture
SystemTimeToVariantTime
VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
RegisterTypeLi
SafeArrayGetUBound

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathRemoveExtensionA
PathFindExtensionA

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

Sections

.text
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Cacheset.exe
.exe windows:4 windows x86 arch:x86

439a3d1d985661e145989e94cd516315

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

70:62:b4:28:63:9e:25:d9:bc:20:7e:b0:2e:f0:eb:33:2a:ba:50:87
Signer

Actual PE Digest

70:62:b4:28:63:9e:25:d9:bc:20:7e:b0:2e:f0:eb:33:2a:ba:50:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
SetFilePointer
WideCharToMultiByte
LCMapStringA
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetCPInfo
GetACP
GetOEMCP
ReadFile
FlushFileBuffers
GetEnvironmentStrings
SetStdHandle
GetProcAddress
HeapDestroy
ExitProcess
LocalAlloc
LoadLibraryA
LocalFree
GetVersion
GetCurrentProcess
CloseHandle
GetModuleHandleA
FreeEnvironmentStringsW
HeapAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
LCMapStringW

user32

MoveWindow
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
SetWindowTextA
SendMessageA
DialogBoxIndirectParamA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
CreateDialogParamA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
wsprintfA
SetDlgItemTextA
SetTimer
GetDlgItemTextA
DefWindowProcA
MessageBoxA
EndDialog
PostQuitMessage
GetWindowRect
OffsetRect
GetSystemMetrics

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comctl32

ord17

comdlg32

PrintDlgA

advapi32

RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Clockres.exe
.exe windows:5 windows x86 arch:x86

e9754b764a5673b45205a33e4429f966

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/01/2009, 01:58

Not After

20/03/2010, 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:d2:08:b3:8d:e8:3f:41:99:af:c8:32:d0:29:d0:6c:2e:82:81:cf
Signer

Actual PE Digest

8e:d2:08:b3:8d:e8:3f:41:99:af:c8:32:d0:29:d0:6c:2e:82:81:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\clockres\Release\Clockres.pdb

Imports

kernel32

SetStdHandle
WriteConsoleA
HeapSize
GetCommandLineW
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileA
CompareStringA
CompareStringW
LocalAlloc
LocalFree
GetModuleHandleA
LoadLibraryA
GetLocaleInfoW
GetProcAddress
HeapAlloc
GetLastError
HeapFree
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
SetEnvironmentVariableA

user32

DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA

gdi32

GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Contig.exe
.exe windows:5 windows x86 arch:x86

7551b020ba5161a2b0a93682c2680b59

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b6:6b:68:a0:a7:df:8e:42:a6:02:aa:90:55:e5:2c:fb:85:f0:95:c6
Signer

Actual PE Digest

b6:6b:68:a0:a7:df:8e:42:a6:02:aa:90:55:e5:2c:fb:85:f0:95:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Contig\Release\Contig.pdb

Imports

kernel32

WriteFile
DeleteFileW
SetFilePointer
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetVersionExW
GetConsoleScreenBufferInfo
GetStdHandle
GetModuleHandleA
LoadLibraryA
GetFileSizeEx
GetCommandLineW
CompareStringW
CompareStringA
ReadFile
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetFullPathNameW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
CloseHandle
GetFileSize
FlushFileBuffers
WaitForSingleObject
CreateFileW
GetLastError
FormatMessageW
LocalAlloc
LocalFree
HeapAlloc
HeapFree
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
SetEnvironmentVariableA

user32

DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Coreinfo.exe
.exe windows:5 windows x86 arch:x86

bbc5274925e305e2123a42a3c7119c67

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:41:27:89:04:68:5d:2e:f7:0d:bf:d7:bc:96:5b:2e:fa:6d:8f:a3
Signer

Actual PE Digest

5b:41:27:89:04:68:5d:2e:f7:0d:bf:d7:bc:96:5b:2e:fa:6d:8f:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\Misc\Coreinfo\Release\Coreinfo.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

SetThreadPriority
GetStdHandle
GetLastError
GetProcAddress
GetNumaHighestNodeNumber
GetProcessWorkingSetSize
VirtualLock
SetProcessWorkingSetSize
GetSystemInfo
SetThreadAffinityMask
CloseHandle
GetVersion
DeleteFileW
LocalFree
ExpandEnvironmentStringsW
FindResourceW
GetModuleFileNameW
SizeofResource
CreateFileW
SetLastError
LockResource
LocalAlloc
ReadFile
GetProcessHeap
SetEndOfFile
CreateFileA
HeapSize
GetLocaleInfoA
GetFileAttributesW
LoadLibraryW
WriteFile
FormatMessageA
GetCurrentThread
WaitForSingleObject
GetModuleHandleW
GetCurrentProcess
QueryPerformanceCounter
CreateProcessW
GetNumaNodeProcessorMask
GetCommandLineW
LoadResource
LeaveCriticalSection
HeapAlloc
EnterCriticalSection
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
HeapFree
RaiseException
RtlUnwind
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
MultiByteToWideChar
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW

user32

SetCursor
DialogBoxIndirectParamW
LoadCursorW
InflateRect
GetDlgItem
EndDialog
GetSysColorBrush
SendMessageW
SetWindowTextW

gdi32

StartPage
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
EndPage

comdlg32

PrintDlgW

advapi32

RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyW
OpenProcessToken
RegQueryValueExW

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/DISKMON.HLP
Windows Sysinternals Suite 2011.02.23/DMON.SYS
.sys windows:4 windows x86 arch:x86

4a6a9a8e3dc1b05458f7523b9795055c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExInitializeNPagedLookasideList
IoDeleteDevice
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
NtClose
NtOpenFile
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
vsprintf
DbgPrint
ObfDereferenceObject
IoGetDeviceObjectPointer
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoGetConfigurationInformation
InterlockedDecrement
ExInterlockedPushEntrySList
InterlockedIncrement
ExInterlockedPopEntrySList
KeQuerySystemTime
IofCompleteRequest
ExFreePool
sprintf
IoBuildDeviceIoControlRequest
RtlFreeUnicodeString

hal

KeQueryPerformanceCounter
KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 926B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Dbgview.exe
.exe windows:5 windows x86 arch:x86

6c426e7c6e3e940e5e5b74af51c68765

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:a4:fa:87:ac:06:3a:b1:86:f3:2f:b5:59:19:55:e9:c2:eb:b1:4d
Signer

Actual PE Digest

9c:a4:fa:87:ac:06:3a:b1:86:f3:2f:b5:59:19:55:e9:c2:eb:b1:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Src\DbgView\Exe\Release\Dbgview.pdb

Imports

ws2_32

htonl
bind
getsockname
listen
accept
inet_ntoa
WSAStartup
inet_addr
gethostbyaddr
htons
gethostbyname
socket
connect
WSAGetLastError
closesocket

mpr

WNetAddConnection2A
WNetCancelConnection2A

comctl32

ord17
CreateToolbarEx

kernel32

lstrlenA
GetTimeFormatA
InitializeCriticalSection
GetCurrentProcessId
GetComputerNameA
GetFullPathNameA
GetCommandLineA
GetVersion
GetOverlappedResult
WriteFile
ResetEvent
WaitForMultipleObjects
ReadFile
LockResource
SizeofResource
LoadResource
FindResourceA
LocalAlloc
GetCommandLineW
RaiseException
GetTickCount
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyA
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
GetDateFormatA
DosDateTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
GlobalFree
WriteFileEx
QueueUserAPC
SleepEx
ExpandEnvironmentStringsA
SetFilePointer
FindFirstFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
HeapReAlloc
VirtualAlloc
FatalAppExitA
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
GetCPInfo
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
CreateThread
ResumeThread
ExitThread
SearchPathA
FindClose
GlobalMemoryStatus
LoadLibraryA
FreeLibrary
CreateFileA
QueryPerformanceFrequency
GetLocaleInfoA
GetCurrentDirectoryA
GetSystemDirectoryA
DeviceIoControl
GetCurrentThreadId
WaitForSingleObject
TerminateThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
OpenMutexA
CreateMutexA
CreateFileMappingA
MapViewOfFile
CreateEventA
UnmapViewOfFile
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
SetEvent
InterlockedIncrement
CloseHandle
lstrcpynA
GetLastError
FormatMessageA
LocalFree
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableA
DeleteFileA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
InterlockedExchange
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
HeapSize
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
GetSystemTimeAsFileTime
SetEnvironmentVariableA

user32

BeginPaint
DrawTextA
EndPaint
GetFocus
ClientToScreen
ScreenToClient
GetDialogBaseUnits
DrawFocusRect
GetParent
IsDlgButtonChecked
PostMessageA
CheckRadioButton
DialogBoxIndirectParamA
InflateRect
RegisterClassExA
FindWindowA
LoadAcceleratorsA
RegisterWindowMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateAcceleratorA
IsWindow
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetMessageA
RegisterClassA
LoadBitmapA
SetTimer
LoadStringA
MoveWindow
DefWindowProcA
KillTimer
GetClientRect
InvalidateRgn
CreateDialogParamA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CallWindowProcA
GetWindowThreadProcessId
SetWindowLongA
GetCursorPos
DestroyWindow
SetForegroundWindow
TrackPopupMenu
CreateWindowExA
UpdateWindow
SetWindowPos
SetDlgItemTextA
SendDlgItemMessageA
AttachThreadInput
AppendMenuA
SetMenuItemBitmaps
DialogBoxParamA
SetFocus
GetDlgItemTextA
SetCapture
ReleaseCapture
EnableMenuItem
DeleteMenu
GetWindowRect
IsIconic
IsZoomed
SendMessageA
GetSystemMetrics
LoadIconA
GetWindowTextA
ShowWindow
GetDC
GetMenuCheckMarkDimensions
ReleaseDC
PostQuitMessage
SetWindowTextA
EndDialog
GetDlgItem
LoadCursorA
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
GetSubMenu
GetMenuItemCount
InsertMenuItemA
MessageBoxA
GetMenu
CheckMenuItem
EnableWindow
CheckDlgButton
ModifyMenuA

gdi32

CreateFontA
GetTextExtentPointA
TextOutA
AbortDoc
GetTextExtentPoint32A
ExtTextOutA
SetAbortProc
SetBkColor
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetTextMetricsA
DeleteObject
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteDC
StretchBlt
CreateCompatibleBitmap
CreateSolidBrush
CreateCompatibleDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
FindTextA
ChooseFontA
PrintDlgA

advapi32

OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA

shell32

ShellExecuteExA
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteA

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Desktops.exe
.exe windows:5 windows x86 arch:x86

c8681af63c4b3bc7041fe674efea6dd2

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

29:ec:a7:83:5f:13:86:b7:82:1b:50:f3:8a:9a:2f:12:83:5e:76:51
Signer

Actual PE Digest

29:ec:a7:83:5f:13:86:b7:82:1b:50:f3:8a:9a:2f:12:83:5e:76:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Desktops\Release\Desktops.pdb

Imports

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
RtlUnwind
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetStringTypeW
GetCommandLineW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
ExitProcess
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
WideCharToMultiByte
LocalAlloc
LocalFree
CreateProcessW
GetVersion
CloseHandle
CreateEventW
GetProcAddress
GetLastError
GetModuleFileNameW
FormatMessageW
Sleep
LoadLibraryW
GetModuleHandleW
GetSystemWindowsDirectoryW
FreeEnvironmentStringsW
HeapReAlloc
VirtualAlloc
EnterCriticalSection
HeapFree
ExitThread
ResumeThread
CreateThread
HeapAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
GetModuleHandleA

user32

DialogBoxIndirectParamW
InflateRect
SetWindowTextW
CreateDesktopW
DestroyWindow
SetCursor
TranslateAcceleratorW
GetWindowRect
SetActiveWindow
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
PostMessageW
GetKeyState
SetForegroundWindow
DialogBoxParamW
LoadCursorW
CallNextHookEx
OpenDesktopW
FindWindowW
GetClientRect
SetFocus
GetDC
TranslateMessage
LoadAcceleratorsW
ChildWindowFromPoint
LoadIconW
OffsetRect
InvalidateRect
BringWindowToTop
SystemParametersInfoW
ReleaseDC
GetDlgItem
EndDialog
GetSysColor
SetWindowPos
GetCursorPos
CheckDlgButton
ShowWindow
CreatePopupMenu
GetSysColorBrush
IsDlgButtonChecked
SwitchDesktop
SetThreadDesktop
CreateWindowExW
InsertMenuW
SetWindowsHookExW
MessageBoxW
RegisterClassW
GetSystemMetrics
SendMessageW
UnregisterHotKey
DestroyMenu
RegisterHotKey
DefWindowProcW
MoveWindow
DispatchMessageW
GetWindowPlacement

gdi32

StartPage
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
BitBlt
SetTextColor
DeleteDC
CreateFontIndirectW
StretchBlt
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
GetStockObject
EndPage

comdlg32

PrintDlgW

advapi32

RegCreateKeyW
RegSetValueExW
RegCloseKey
GetSecurityDescriptorSacl
RegOpenKeyExW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW

shell32

ShellExecuteW
Shell_NotifyIconW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Disk2vhd.chm
.chm
Windows Sysinternals Suite 2011.02.23/DiskView.exe
.exe windows:5 windows x86 arch:x86

84e4b934930a4a3de022531392bdce11

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:4a:a2:5b:b7:a4:dd:04:56:31:a4:6d:8d:ad:ff:fc:4e:10:cb:1d
Signer

Actual PE Digest

48:4a:a2:5b:b7:a4:dd:04:56:31:a4:6d:8d:ad:ff:fc:4e:10:cb:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Diskview\Release\DiskView.pdb

Imports

comctl32

ord17
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Create

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetDriveTypeW
GetLogicalDriveStringsW
GetVersionExW
SetErrorMode
LocalFree
LocalAlloc
HeapAlloc
RtlUnwind
GetCurrentProcess
FindResourceW
LoadResource
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
ReadFile
GetProcessHeap
SetEndOfFile
CreateFileA
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SizeofResource
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
GetModuleHandleA
HeapSize
GetModuleFileNameA
ExitProcess
Sleep
GetFileType
GetStdHandle
SetHandleCount
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
FatalAppExitA
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WriteFile
GetStartupInfoA
GetCommandLineA
CreateThread
ResumeThread
ExitThread
HeapFree
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LockResource
DeviceIoControl
FindNextFileW
CreateFileW
InterlockedDecrement
FormatMessageW
GetLastError
FindFirstFileW
FindClose
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetModuleFileNameW
GetFileAttributesW
ExpandEnvironmentStringsW
GetCommandLineW
CreateProcessW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
SetFilePointer
HeapReAlloc

user32

SendMessageW
ShowWindow
CreatePopupMenu
InsertMenuItemW
GetCursorPos
TrackPopupMenu
LoadImageW
DialogBoxIndirectParamW
SetWindowTextW
SetCursor
InflateRect
LoadIconW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
IsDialogMessageW
DispatchMessageW
PostQuitMessage
CheckDlgButton
CreateDialogParamW
GetMenu
CheckMenuItem
GetDlgItemTextW
DialogBoxParamW
LoadCursorW
RegisterClassExW
CreateWindowExW
CallWindowProcW
IsZoomed
PtInRect
DrawFrameControl
GetWindowTextW
GetSysColorBrush
SetWindowLongW
ChildWindowFromPoint
SetCapture
ReleaseCapture
EnableWindow
SetTimer
KillTimer
SetForegroundWindow
DestroyWindow
SetFocus
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextW
GetScrollInfo
IsWindowEnabled
DrawTextW
SetScrollInfo
GetFocus
DrawFocusRect
ScrollWindowEx
UpdateWindow
DefWindowProcW
BeginPaint
GetDlgItem
MapWindowPoints
FillRect
EndPaint
EndDialog
SetPropW
GetPropW
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
GetClientRect
GetSystemMetrics
UnionRect
GetParent
GetClassNameW
GetWindowLongW
InvalidateRect
DeferWindowPos
GetWindowRect
ScreenToClient
GetSysColor
OffsetRect
GetDC
ReleaseDC
MessageBoxW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetObjectW
CreateFontIndirectW
GetStockObject
PolyPolygon
SetTextColor
SetBkColor
SetBkMode
CreateCompatibleBitmap
BitBlt
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
CreateSolidBrush
GetDeviceCaps

comdlg32

GetOpenFileNameW
GetSaveFileNameW
PrintDlgW

advapi32

RegCloseKey
RegCreateKeyW
RegQueryValueExW
RegSetValueExW

shell32

CommandLineToArgvW
ShellExecuteW

ole32

CreateBindCtx

oleaut32

VariantChangeType
VariantClear
VariantInit
SetErrorInfo
GetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Diskmon.exe
.exe windows:4 windows x86 arch:x86

934543d446cf80015b5041258a567c79

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d9:1d:76:f1:e5:4d:32:a7:63:bf:f3:f9:f1:5e:29:49:6f:c0:d0:c4
Signer

Actual PE Digest

d9:1d:76:f1:e5:4d:32:a7:63:bf:f3:f9:f1:5e:29:49:6f:c0:d0:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
CreateToolbarEx

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetLastError
GetUserDefaultLangID
SetLastError
LeaveCriticalSection
EnterCriticalSection
lstrlenW
CreateFileA
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrcpynA
LocalAlloc
SetEndOfFile
ReadFile
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
SetFilePointer
Sleep
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsAlloc
GetCurrentThreadId
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetCommandLineA
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
ExitThread
TlsSetValue
CreateThread
ResumeThread
RtlUnwind
OpenProcess
ReadProcessMemory
CloseHandle
GetModuleHandleA
GetProcessHeap
HeapAlloc
lstrcpyA
lstrlenA
HeapFree
lstrcatA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GetTickCount
GetVersion
GetCurrentProcess
GetSystemTime
SystemTimeToFileTime
LoadLibraryA
GetProcAddress
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
FormatMessageA
LocalFree
WriteFile

user32

OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
DrawTextA
LoadCursorA
InvalidateRect
GetDlgItemTextA
EnableWindow
IsWindowEnabled
SetDlgItemTextA
GetSysColorBrush
ChildWindowFromPoint
GetSysColor
ClientToScreen
GetDlgItem
MoveWindow
GetWindowRect
GetParent
SetCursor
CallWindowProcA
GetClientRect
DrawIconEx
SetWindowLongA
SetWindowTextA
DestroyIcon
IsZoomed
DialogBoxIndirectParamA
InflateRect
ScreenToClient
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
RegisterWindowMessageA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
UpdateWindow
LoadIconA
RegisterClassA
SetCapture
DialogBoxParamA
ReleaseCapture
SetTimer
SetFocus
GetMenu
CheckMenuItem
GetCursorPos
LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
EnableMenuItem
LoadStringA
GetDC
GetSystemMetrics
ReleaseDC
WinHelpA
SetWindowPos
PostMessageA
ShowWindow
InvalidateRgn
KillTimer
DefWindowProcA
SendMessageA
DestroyWindow
MessageBoxA
PostQuitMessage
EndDialog
IsIconic

gdi32

EndDoc
EndPage
ExtTextOutA
StartDocA
SetMapMode
GetDeviceCaps
GetTextExtentPoint32A
SetBkColor
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteObject
CreateCompatibleDC
GetTextMetricsA
StartPage
CreateSolidBrush

comdlg32

GetSaveFileNameA
FindTextA
ChooseColorA
ChooseFontA
PrintDlgA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
LookupAccountSidW
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
GetTokenInformation
LookupAccountSidA
AdjustTokenPrivileges

shell32

SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
SafeArrayGetElement
VariantInit
VariantClear
SysAllocString
SysFreeString
SafeArrayGetLBound

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Eula.txt
Windows Sysinternals Suite 2011.02.23/Listdlls.exe
.exe windows:5 windows x86 arch:x86

4ff6022b1b3c921ab5e72c87a0ce41cb

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0e:11:c2:e3:2f:a6:5d:6a:ee:17:21:57:b7:7e:c7:74:c5:0e:d2:55
Signer

Actual PE Digest

0e:11:c2:e3:2f:a6:5d:6a:ee:17:21:57:b7:7e:c7:74:c5:0e:d2:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\ListDLLs\Release\Listdlls.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

imagehlp

ImageNtHeader
EnumerateLoadedModules64
SymInitialize
SymSetOptions

kernel32

CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
GetFileAttributesA
GetModuleFileNameA
GetSystemInfo
WideCharToMultiByte
GetLastError
FormatMessageA
ReadFile
CreateFileA
ReadProcessMemory
OpenProcess
GetVersion
WaitForSingleObject
SizeofResource
LoadResource
FindResourceA
SetLastError
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
HeapSize
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
DeleteFileA
CloseHandle
GetCurrentProcess
GetProcAddress
GetCommandLineW
LoadLibraryA
LocalAlloc
GetModuleHandleA
LocalFree
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
LockResource
ExitProcess
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
SetEnvironmentVariableA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetConsoleCP
GetConsoleMode
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeFormatA

user32

DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/LoadOrd.exe
.exe windows:4 windows x86 arch:x86

7e882ca50ab916f7ae8f8efa861ef033

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2d:a4:06:d8:20:68:53:e6:36:1a:15:07:37:5a:98:61:b7:0b:22:b7
Signer

Actual PE Digest

2d:a4:06:d8:20:68:53:e6:36:1a:15:07:37:5a:98:61:b7:0b:22:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetStdHandle
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
GetFileType
RtlUnwind
WriteFile
GetStringTypeA
GetStringTypeW
SetFilePointer
GetProcAddress
SetStdHandle
GlobalUnlock
FlushFileBuffers
GetModuleHandleA
LocalAlloc
LoadLibraryA
LocalFree
GetLastError
Sleep
GlobalAlloc
GlobalLock
HeapDestroy
CloseHandle

user32

MoveWindow
SetCursor
InflateRect
GetSysColorBrush
EndDialog
SetWindowTextA
DialogBoxIndirectParamA
LoadIconA
LoadCursorA
RegisterClassExA
UpdateWindow
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostQuitMessage
CreateWindowExA
GetDlgItem
EnableWindow
MessageBoxA
DefWindowProcA
GetClientRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
FindWindowA
WaitForInputIdle
ShowWindow
SetForegroundWindow
FindWindowExA
SetFocus
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageA

gdi32

StartDocA
EndPage
EndDoc
GetStockObject
CreateDCA
GetDeviceCaps
DeleteDC
SetMapMode
StartPage

comdlg32

PrintDlgA

advapi32

RegSetValueExA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

ShellExecuteExA

comctl32

ord6
ord17

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/PORTMON.CNT
Windows Sysinternals Suite 2011.02.23/PORTMON.HLP
Windows Sysinternals Suite 2011.02.23/ProcFeatures.exe
.exe windows:4 windows x86 arch:x86

83143505850db450c1611bd911c8dc28

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:4e:97:f1:50:5a:93:6f:0d:75:2e:f2:56:1e:c7:06:8c:67:d1:17
Signer

Actual PE Digest

37:4e:97:f1:50:5a:93:6f:0d:75:2e:f2:56:1e:c7:06:8c:67:d1:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetStringTypeA
GetOEMCP
GetCPInfo
SetFilePointer
GetModuleHandleA
LocalAlloc
LoadLibraryA
LocalFree
GetACP
IsProcessorFeaturePresent
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
GetLastError
CloseHandle

user32

DialogBoxIndirectParamA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA

gdi32

StartPage
GetDeviceCaps
SetMapMode
StartDocA
EndPage
EndDoc

comdlg32

PrintDlgA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Procmon.exe
.exe windows:5 windows x86 arch:x86

506d10c3b5fec0b538e5afdef8e7c78b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c4:eb:ba:11:cb:73:9e:c4:3b:6e:8a:bb:7b:4d:43:57:f0:ac:23:c9
Signer

Actual PE Digest

c4:eb:ba:11:cb:73:9e:c4:3b:6e:8a:bb:7b:4d:43:57:f0:ac:23:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\ProcMon\exe\Release\Procmon.pdb

Imports

ws2_32

send
socket
bind
listen
accept
closesocket
gethostbyname
getservbyname
inet_ntoa
inet_addr
htonl
getservbyport
htons
WSASetLastError
gethostbyaddr
WSAStartup
ntohs
connect
WSAGetLastError
getsockname
recv

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

CreateStatusWindowW
ImageList_Add
ImageList_GetIconSize
ImageList_GetIcon
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy
ord17
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Create
ImageList_DrawEx
ImageList_SetOverlayImage

psapi

GetProcessMemoryInfo

kernel32

MapViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileW
CreateFileMappingW
GetDateFormatW
SystemTimeToFileTime
WriteFile
FormatMessageW
GetTimeFormatW
FileTimeToSystemTime
ReadFile
GetNumberFormatW
FileTimeToLocalFileTime
GetVersion
LocalFileTimeToFileTime
ExitProcess
GetComputerNameA
HeapAlloc
QueryPerformanceCounter
HeapFree
SetEvent
GetCurrentThread
HeapDestroy
HeapCreate
SetThreadPriority
ReleaseSemaphore
HeapSize
ResetEvent
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
QueryPerformanceFrequency
TryEnterCriticalSection
SetConsoleCtrlHandler
GetFileAttributesExW
SetProcessShutdownParameters
GetThreadContext
OpenThread
GetCurrentProcessId
GetSystemDirectoryA
LoadLibraryA
MulDiv
FindFirstFileW
FindClose
FindNextFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsA
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
FatalAppExitA
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
ResumeThread
ExitThread
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetConsoleMode
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetFilePointer
GetFileSize
GlobalUnlock
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalLock
OpenProcess
CreateProcessW
LoadLibraryExW
FreeLibrary
EnumResourceNamesW
GlobalAddAtomW
CreateThread
GetSystemInfo
GlobalMemoryStatusEx
GetFileAttributesW
GetVersionExW
Sleep
GetSystemTimeAsFileTime
VirtualFree
GetTickCount
WaitForSingleObject
GetFullPathNameW
LocalFree
LocalAlloc
GetCommandLineW
ExpandEnvironmentStringsW
SetFileAttributesW
DeleteFileW
CloseHandle
LockResource
SetLastError
GetCurrentDirectoryW
GetLastError
SizeofResource
GetSystemDirectoryW
GetCurrentProcess
InterlockedIncrement
LoadResource
FindResourceW
GetConsoleCP
VirtualAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
InterlockedDecrement
TlsFree
GetCPInfo
GetEnvironmentStringsW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetProcessHeap
CreateFileA
CompareStringA
SetEnvironmentVariableA
GetACP
GetOEMCP
IsValidCodePage
GetComputerNameW
VirtualQuery

user32

LoadMenuW
GetClassNameW
EnableMenuItem
EnumChildWindows
CreatePopupMenu
LoadBitmapW
CreateDialogParamW
SetMenuInfo
GetMenuItemCount
SetMenuDefaultItem
CheckRadioButton
InsertMenuW
EqualRect
DeferWindowPos
BeginDeferWindowPos
SetWindowTextA
GetDlgItemTextW
DestroyMenu
EndDeferWindowPos
DrawFrameControl
CheckMenuItem
DispatchMessageW
GetActiveWindow
GetWindow
GetShellWindow
CloseClipboard
LoadImageW
EmptyClipboard
OpenClipboard
SetClipboardData
IsIconic
WaitForInputIdle
FindWindowW
FindWindowExW
GetWindowThreadProcessId
CreateIconFromResourceEx
SetPropW
GetCapture
SetWindowPos
GetPropW
ClientToScreen
DestroyWindow
ScreenToClient
FillRect
DrawIconEx
GetFocus
InvalidateRgn
SetFocus
UnionRect
GetDoubleClickTime
ScrollWindowEx
SetClassLongW
GetCursorPos
CheckDlgButton
FrameRect
IsDlgButtonChecked
RegisterClassW
IsWindowVisible
DestroyIcon
IntersectRect
SetTimer
PostMessageW
GetAncestor
GetDesktopWindow
GetSystemMetrics
UpdateWindow
EnableWindow
LoadStringW
SetCursor
DialogBoxIndirectParamW
InflateRect
SetWindowTextW
FlashWindowEx
OffsetRect
GetWindowPlacement
IsDialogMessageW
GetMenu
SetDlgItemInt
LoadAcceleratorsW
GetWindowDC
WindowFromPoint
GetUpdateRgn
GetKeyState
DialogBoxParamW
MessageBoxW
GetDC
ReleaseDC
EndPaint
GetWindowRect
SetCapture
DrawTextW
SetScrollInfo
SetWindowPlacement
TranslateAcceleratorW
GetDlgItemInt
SetActiveWindow
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
KillTimer
IsZoomed
GetSubMenu
DeleteMenu
MessageBeep
IsWindowEnabled
GetMenuItemInfoW
InsertMenuItemW
PtInRect
GetClassLongW
GetParent
LoadCursorW
GetClientRect
BeginPaint
ChildWindowFromPoint
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
GetDlgItem
SetWindowLongW
EndDialog
GetSysColor
ShowWindow
GetSysColorBrush
CreateWindowExW
ReleaseCapture
SetDlgItemTextW
SendMessageW
MapWindowPoints
DefWindowProcW
MoveWindow
CallWindowProcW
GetScrollInfo
GetIconInfo
LoadIconW
TranslateMessage
SetForegroundWindow

gdi32

Rectangle
SaveDC
SetROP2
RestoreDC
SelectClipRgn
RectInRegion
CreateRectRgn
GetTextMetricsW
GdiFlush
SetPixel
CreateFontW
GetPixel
MoveToEx
LineTo
Polygon
CreateCompatibleBitmap
Polyline
CreatePen
GetStockObject
GetBkColor
CreateSolidBrush
EndPage
StartPage
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
BitBlt
DeleteDC
CreateDIBSection
SetBkColor
DeleteObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
CreateRectRgnIndirect
GetObjectW
SelectObject

comdlg32

PrintDlgW
ChooseColorW
FindTextW
GetOpenFileNameW
ChooseFontW
GetSaveFileNameW

advapi32

RegQueryValueExA
GetSecurityDescriptorLength
RegEnumValueW
ConvertStringSidToSidW
LsaFreeMemory
ConvertSidToStringSidW
GetLengthSid
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
LsaClose
DuplicateTokenEx
LookupAccountSidW
EqualSid
RegSetValueW
RegCreateKeyExW
RegEnumKeyW
GetTokenInformation
LsaEnumerateAccountRights
LsaOpenPolicy
MapGenericMask
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegDeleteValueW
LookupPrivilegeValueW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW
OpenProcessToken
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
DragQueryFileW
SHGetMalloc
ShellExecuteW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteExW
SHGetFileInfoW
SHAppBarMessage

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize
OleInitialize
ReleaseStgMedium
RegisterDragDrop
CreateBindCtx

oleaut32

CreateErrorInfo
GetErrorInfo
SysStringByteLen
SysAllocStringLen
VariantTimeToSystemTime
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayGetElement
VariantChangeType
VariantInit
SafeArrayDestroy
SafeArrayAccessData
VariantClear
SafeArrayGetLBound
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
SetErrorInfo

shlwapi

SHAutoComplete

Sections

.text
Size: 846KB - Virtual size: 846KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/PsExec.exe
.exe windows:5 windows x86 arch:x86

a04dd9f5ee88d7774203e0a0cfa1b941

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

14:32:e4:ad:0e:d7:35:5e:37:df:24:21:cd:1a:8f:3b:b9:33:92:3f
Signer

Actual PE Digest

14:32:e4:ad:0e:d7:35:5e:37:df:24:21:cd:1a:8f:3b:b9:33:92:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\psexec\EXE\Release\psexec.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

GetModuleFileNameW
SetEvent
ConnectNamedPipe
GetFileAttributesW
DisconnectNamedPipe
ReadConsoleW
ReadFile
GetFileTime
WaitNamedPipeW
SetFileAttributesW
CopyFileW
WaitForMultipleObjects
SetConsoleTitleW
DuplicateHandle
GetCurrentProcessId
TransactNamedPipe
SetNamedPipeHandleState
GetVersion
CreateEventW
GetExitCodeProcess
ResumeThread
SetProcessAffinityMask
GetEnvironmentVariableW
GetFullPathNameW
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeA
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LoadResource
GetCurrentProcess
MultiByteToWideChar
WaitForSingleObject
GetComputerNameW
GetSystemDirectoryW
DeleteFileW
FindResourceW
SizeofResource
LockResource
GetConsoleScreenBufferInfo
LoadLibraryExW
FormatMessageA
GetStdHandle
WriteFile
FreeLibrary
CreateFileW
CloseHandle
GetTickCount
SetEnvironmentVariableA
Sleep
SetLastError
GetLastError
GetCommandLineW
LocalAlloc
GetModuleHandleW
LocalFree
SetPriorityClass
LoadLibraryW
GetProcAddress
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetConsoleCtrlHandler
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
RtlUnwind
CreateFileA
FlushFileBuffers
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
LCMapStringA

user32

LoadCursorW
SetCursor
SetWindowTextW
SendMessageW
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamW
InflateRect

gdi32

GetDeviceCaps
SetMapMode
StartDocW
StartPage
EndPage
EndDoc

comdlg32

PrintDlgW

advapi32

InitializeAcl
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
LogonUserW
ImpersonateLoggedOnUser
RegConnectRegistryW
RevertToSelf
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CreateServiceW
CloseServiceHandle
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
SetTokenInformation
GetSecurityInfo
GetAce
AddAce
AddAccessAllowedAce
SetSecurityInfo
FreeSid
LsaOpenPolicy
LsaEnumerateAccountRights
LookupPrivilegeValueW
LsaFreeMemory
LsaClose

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/PsGetsid.exe
.exe windows:5 windows x86 arch:x86

a29a3eeb3909714dbdb858ef1c800f15

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

56:ab:69:90:d6:2b:c6:d9:68:3b:d4:ef:5b:ee:04:f3:21:eb:91:a3
Signer

Actual PE Digest

56:ab:69:90:d6:2b:c6:d9:68:3b:d4:ef:5b:ee:04:f3:21:eb:91:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\psgetsid\EXE\Release\psgetsid.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

FindResourceA
DeleteFileA
GetSystemDirectoryA
WaitForSingleObject
GetCurrentProcess
WideCharToMultiByte
GetModuleFileNameA
SetEvent
ConnectNamedPipe
lstrlenA
lstrcpyA
LoadResource
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SizeofResource
LockResource
GetConsoleScreenBufferInfo
LoadLibraryExA
CloseHandle
FormatMessageA
GetStdHandle
FreeLibrary
GetTickCount
Sleep
SetLastError
GetVersion
GetCommandLineA
GetFullPathNameA
GetComputerNameA
CreateFileA
GetLastError
WriteFile
ReadFile
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryA
LocalFree
GetModuleHandleA
EnumSystemLocalesA
SetEnvironmentVariableA
IsValidLocale
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetModuleHandleW
ExitProcess
ExitThread
GetCurrentThreadId
CreateThread
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
LCMapStringA
MultiByteToWideChar
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

SetWindowTextA
LoadCursorA
EndDialog
InflateRect
SendMessageA
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
wsprintfA
SetCursor

gdi32

GetDeviceCaps
StartDocA
StartPage
EndPage
EndDoc
SetMapMode

comdlg32

PrintDlgA

advapi32

LogonUserA
LsaOpenPolicy
LsaNtStatusToWinError
LsaQueryInformationPolicy
LsaClose
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ImpersonateLoggedOnUser
RegConnectRegistryA
RevertToSelf
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
LookupAccountSidA
LookupAccountNameA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/PsInfo.exe
.exe windows:5 windows x86 arch:x86

b5b9a3c9f35a81554e2618a8297dca2e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:14:c9:4c:1c:60:aa:23:d4:52:0f:d8:42:69:f2:77:5f:49:7e:34
Signer

Actual PE Digest

59:14:c9:4c:1c:60:aa:23:d4:52:0f:d8:42:69:f2:77:5f:49:7e:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\Psinfo\Exe\Release\Psinfo.pdb

Imports

pdh

PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

inet_ntoa
WSAStartup
gethostbyname
gethostname

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetTickCount
CloseHandle
CreateFileW
FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExW
GetConsoleScreenBufferInfo
LockResource
SizeofResource
LoadResource
FindResourceW
DeleteFileW
GetSystemDirectoryW
GetComputerNameW
WaitForSingleObject
MultiByteToWideChar
Sleep
GetVersion
GetModuleFileNameW
SetEvent
ConnectNamedPipe
ReadFile
GetDateFormatW
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetLastError
GetLastError
GetProcAddress
GetCommandLineW
LocalAlloc
LocalFree
LoadLibraryW
SetErrorMode
GetModuleHandleW
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceExW
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetCurrentProcess
InterlockedExchange
SetConsoleCtrlHandler
FlushFileBuffers
CreateFileA
RtlUnwind
GetConsoleCP
WideCharToMultiByte
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA

user32

GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextW
LoadCursorW
SetCursor
InflateRect
SendMessageW
DialogBoxIndirectParamW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

ImpersonateLoggedOnUser
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LogonUserW
RegConnectRegistryW
RevertToSelf
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CreateServiceW
CloseServiceHandle
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/PsList.exe
.exe windows:5 windows x86 arch:x86

6f5f404a0f036f081074d4220baf3a50

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:3d:af:b6:94:c5:8f:f3:d9:7f:ba:b6:78:86:ef:c8:8b:98:ab:52
Signer

Actual PE Digest

6a:3d:af:b6:94:c5:8f:f3:d9:7f:ba:b6:78:86:ef:c8:8b:98:ab:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\pslist\Release\pslist.pdb

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

inet_ntoa
gethostbyname
WSAStartup
gethostname

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
SetConsoleCursorPosition
SetConsoleCtrlHandler
SetPriorityClass
GetCurrentProcess
GetComputerNameA
GetLastError
SetLastError
GetTickCount
CloseHandle
CreateFileA
FreeLibrary
WriteFile
FormatMessageA
LoadLibraryExA
LockResource
SizeofResource
LoadResource
GetDateFormatA
DeleteFileA
GetSystemDirectoryA
WaitForSingleObject
WideCharToMultiByte
GetVersion
GetModuleFileNameA
SetEvent
ConnectNamedPipe
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetTimeFormatA
Sleep
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
GetProcAddress
lstrcpynA
LocalAlloc
GetCommandLineW
LoadLibraryA
LocalFree
GetModuleHandleA
IsBadStringPtrA
lstrlenA
IsValidLocale
HeapSize
SetFilePointer
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
ReadFile
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
FindResourceA
HeapAlloc
HeapFree
RtlUnwind
GetModuleHandleW
ExitProcess
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitThread
ResumeThread
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
LCMapStringA
MultiByteToWideChar
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetStringTypeA
GetStringTypeW
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetConsoleCP
FlushFileBuffers
SetHandleCount

user32

SetWindowTextA
LoadCursorA
EndDialog
InflateRect
SendMessageA
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
wsprintfA
SetCursor

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

StartServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
ImpersonateLoggedOnUser
RegConnectRegistryA
RevertToSelf
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/PsLoggedon.exe
.exe windows:5 windows x86 arch:x86

db609bc4f5b49c2544ac641a6ec02fe2

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:eb:1d:b8:b6:5a:6a:ae:68:ec:b5:d0:4c:10:4f:b9:a0:80:9f:48
Signer

Actual PE Digest

5b:eb:1d:b8:b6:5a:6a:ae:68:ec:b5:d0:4c:10:4f:b9:a0:80:9f:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\psloggedon\Release\psloggedon.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

NetApiBufferFree
NetServerEnum
NetSessionEnum

ws2_32

gethostbyname
gethostname
WSAStartup
inet_ntoa

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExW
GetConsoleScreenBufferInfo
LockResource
SizeofResource
LoadResource
FindResourceW
DeleteFileW
GetSystemDirectoryW
GetComputerNameW
WaitForSingleObject
MultiByteToWideChar
FreeLibrary
SystemTimeToFileTime
GetModuleFileNameW
SetEvent
ConnectNamedPipe
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileW
CloseHandle
GetTickCount
Sleep
SetLastError
FileTimeToLocalFileTime
GetLastError
GetCurrentProcess
GetLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
FormatMessageW
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringA
CompareStringW
GetVersion
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
WideCharToMultiByte
GetConsoleCP
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
CreateFileA
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

user32

SetCursor
InflateRect
SendMessageW
LoadCursorW
SetWindowTextW
EndDialog
DialogBoxIndirectParamW
GetDlgItem
GetSysColorBrush

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
CreateServiceW
CloseServiceHandle
LookupAccountNameW
RegConnectRegistryW
RegEnumKeyExW
AllocateAndInitializeSid
LookupAccountSidW
FreeSid
RegOpenKeyW
RegQueryInfoKeyW
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/PsService.exe
.exe windows:5 windows x86 arch:x86

bafb11fdb26d45b94cff5758c03ec8d6

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

82:91:bf:43:0e:d4:c5:9f:85:f5:6c:b3:47:27:91:94:63:af:23:fa
Signer

Actual PE Digest

82:91:bf:43:0e:d4:c5:9f:85:f5:6c:b3:47:27:91:94:63:af:23:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\psservice\Release\psservice.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup

netapi32

NetServerEnum
NetApiBufferFree

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

WideCharToMultiByte
GetVersion
GetModuleFileNameA
SetEvent
ConnectNamedPipe
lstrlenA
EnumSystemLocalesA
GetCurrentProcess
SizeofResource
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
WaitForSingleObject
GetComputerNameA
GetSystemDirectoryA
DeleteFileA
FindResourceA
GetLocaleInfoA
LoadResource
LockResource
GetConsoleScreenBufferInfo
LoadLibraryExA
FormatMessageA
GetStdHandle
WriteFile
FreeLibrary
CreateFileA
CloseHandle
GetTickCount
Sleep
SetLastError
GetLastError
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryA
LocalFree
GetModuleHandleA
IsValidLocale
SetFilePointer
SetStdHandle
WriteConsoleA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleW
ReadFile
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetUserDefaultLCID
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetModuleHandleW
ExitProcess
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
LCMapStringA
MultiByteToWideChar
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
RtlUnwind
FlushFileBuffers
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

SetWindowTextA
LoadCursorA
EndDialog
InflateRect
SendMessageA
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
wsprintfA
SetCursor

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

GetSidIdentifierAuthority
EnumDependentServicesA
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
GetAce
LookupAccountSidA
MapGenericMask
EnumServicesStatusA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
ImpersonateLoggedOnUser
RegConnectRegistryA
RevertToSelf
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Pstools.chm
.chm
Windows Sysinternals Suite 2011.02.23/RamMap.exe
.exe windows:5 windows x86 arch:x86

9a2d387ba5e6a0c326cbef5df439adbd

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b8:48:f0:19:b5:c0:ff:fb:8b:fb:de:6c:38:24:a4:fc:70:c0:77:33
Signer

Actual PE Digest

b8:48:f0:19:b5:c0:ff:fb:8b:fb:de:6c:38:24:a4:fc:70:c0:77:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\rammap\Release\RamMap.pdb

Imports

comctl32

ImageList_DrawEx
InitCommonControlsEx
ImageList_Destroy
ord17
ImageList_Add
ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentDirectoryW
CreateFileA
ReadFile
SetEndOfFile
VirtualQuery
FreeLibrary
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
InitializeCriticalSectionAndSpinCount
CreateFileW
GetModuleHandleA
LoadLibraryA
DebugBreak
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
LCMapStringW
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WriteFile
LeaveCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
FindResourceW
LoadResource
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetProcessHeap
HeapFree
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GlobalAddAtomW
GetVersion
FormatMessageW
DeviceIoControl
QueryDosDeviceW
OpenProcess
GetNumberFormatW
GetLocaleInfoW
InterlockedDecrement
InterlockedIncrement
LocalFree
LocalAlloc
LoadLibraryW
GetCommandLineW
ExpandEnvironmentStringsW
DeleteFileW
CloseHandle
LockResource
GetProcAddress
GetLastError
GetModuleFileNameW
GetFileAttributesW
SizeofResource
Sleep
GetModuleHandleW

user32

ReleaseDC
SetWindowPos
GetPropW
DefWindowProcW
SetCursor
DialogBoxIndirectParamW
EndDialog
GetSysColorBrush
SendMessageW
SetWindowTextW
CreateWindowExW
ShowWindow
GetDlgItem
InflateRect
GetUpdateRgn
SetCapture
DrawTextW
GetKeyState
GetCapture
IntersectRect
GetScrollInfo
ScrollWindowEx
SetScrollInfo
DestroyWindow
SetWindowPlacement
TranslateAcceleratorW
ScreenToClient
GetMessageW
PostQuitMessage
RegisterWindowMessageW
PostMessageW
IsZoomed
DialogBoxParamW
GetParent
SetFocus
GetClassLongW
TranslateMessage
LoadAcceleratorsW
ChildWindowFromPoint
IsDialogMessageW
RegisterClassExW
GetWindowPlacement
OffsetRect
UnionRect
GetClassNameW
SetWindowLongW
GetSysColor
EnumChildWindows
CreateDialogParamW
GetActiveWindow
DeferWindowPos
MessageBoxW
ReleaseCapture
BeginDeferWindowPos
SetDlgItemTextW
MapWindowPoints
EnableWindow
EndDeferWindowPos
DrawFrameControl
CallWindowProcW
MoveWindow
DispatchMessageW
GetWindowRect
LoadImageW
PtInRect
LoadIconW
GetWindowLongW
LoadStringW
GetSystemMetrics
UpdateWindow
EndPaint
FillRect
GetFocus
GetClientRect
BeginPaint
SetPropW
GetDC
DrawFocusRect
InvalidateRect
LoadCursorW

gdi32

BitBlt
GetTextMetricsW
SetBkColor
SelectClipRgn
CreateRectRgnIndirect
RectInRegion
GetBkColor
CreateRectRgn
Polyline
CreatePen
SetTextColor
CreateFontIndirectW
SetBkMode
GetObjectW
GetStockObject
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
EndPage
StartPage
GetDeviceCaps
SetMapMode
StartDocW
EndDoc

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

advapi32

OpenServiceW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
RegOpenKeyExW
RegCreateKeyExW
ControlService
QueryServiceStatusEx
StartServiceW
OpenSCManagerW
RegOpenKeyW

shell32

CommandLineToArgvW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantInit
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myseg
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/RegDelNull.exe
.exe windows:4 windows x86 arch:x86

b1390b864aeb15bc9a19e8510570896f

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d9:df:6f:9a:56:a0:7b:c4:38:c4:bd:22:44:7b:f3:5a:6e:1a:2d:33
Signer

Actual PE Digest

d9:df:6f:9a:56:a0:7b:c4:38:c4:bd:22:44:7b:f3:5a:6e:1a:2d:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
SetFilePointer
FreeEnvironmentStringsA
SetStdHandle
LCMapStringW
LCMapStringA
LocalAlloc
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetVersion
SetLastError
ReadFile
GetCurrentProcess
GetLastError
CloseHandle
FormatMessageA
GetStdHandle
WriteFile
LocalFree
GetStringTypeA
GetStringTypeW
LoadLibraryA
UnhandledExceptionFilter
RtlUnwind
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
WideCharToMultiByte

user32

EndDialog
SendMessageW
LoadCursorW
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
SetWindowTextW
DialogBoxIndirectParamW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

SetSecurityDescriptorDacl
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegSetKeySecurity
InitializeSecurityDescriptor
GetTokenInformation
SetSecurityDescriptorOwner
SetEntriesInAclW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/RootkitRevealer.chm
.chm
Windows Sysinternals Suite 2011.02.23/RootkitRevealer.exe
.exe windows:4 windows x86 arch:x86

c2971e27e558678b614d78284a46f77e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

01:c2:d8:95:ba:79:32:68:57:54:49:ab:f3:e2:ce:96:01:b8:ed:fc
Signer

Actual PE Digest

01:c2:d8:95:ba:79:32:68:57:54:49:ab:f3:e2:ce:96:01:b8:ed:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
TerminateProcess
CreateProcessW
GetDriveTypeW
GetLogicalDrives
CreateThread
ResetEvent
OpenEventW
SetEvent
LoadLibraryW
CreateEventW
InitializeCriticalSection
GetFullPathNameW
GetSystemDirectoryW
WaitForMultipleObjects
GetTempPathW
GetCommandLineW
GetVersion
GetModuleFileNameW
FlushFileBuffers
LocalAlloc
SetConsoleCtrlHandler
SetEndOfFile
IsBadCodePtr
SetUnhandledExceptionFilter
SetStdHandle
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetModuleFileNameA
ReadFile
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SystemTimeToFileTime
GetCurrentThread
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
FatalAppExitA
DeleteCriticalSection
ExitProcess
GetStartupInfoW
GetModuleHandleA
WideCharToMultiByte
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
LoadLibraryA
FindFirstFileW
FindNextFileW
FindClose
CompareFileTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
lstrlenW
CreateFileMappingW
MapViewOfFile
GetFileSize
UnmapViewOfFile
GetTickCount
VirtualProtect
IsBadReadPtr
GetCurrentDirectoryW
GetOEMCP
DeviceIoControl
SetFileAttributesW
DeleteFileW
CopyFileW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
WriteFile
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileAttributesW
LocalFree
FormatMessageW
Sleep
HeapSize
DebugBreak
GetModuleHandleW
GetProcAddress
InterlockedExchange
SetLastError
CreateFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetCurrentProcess
CloseHandle
GetVersionExW
CreateFileA
SetFilePointer
GetLastError
CompareStringA
CompareStringW
GetACP
GetStartupInfoA
RaiseException

user32

EndPaint
BeginPaint
PtInRect
IsZoomed
CallWindowProcW
DrawFrameControl
CreateDialogParamW
UnionRect
OffsetRect
GetSystemMetrics
EndDeferWindowPos
EnumChildWindows
BeginDeferWindowPos
GetPropW
DeferWindowPos
GetClassNameW
SetWindowPlacement
UpdateWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
ScreenToClient
DrawTextW
GetWindowTextW
wsprintfW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DialogBoxIndirectParamW
GetWindowLongW
SetWindowLongW
SetFocus
GetMenu
CheckMenuItem
GetWindowPlacement
GetDlgItemTextW
SetTimer
EnableWindow
DialogBoxParamW
KillTimer
DefWindowProcW
MsgWaitForMultipleObjects
LoadIconW
SetWindowTextW
DestroyIcon
PostQuitMessage
SetDlgItemTextW
IsWindowEnabled
CheckDlgButton
IsDlgButtonChecked
RegisterClassExW
ShowWindow
MapWindowPoints
CreateWindowExW
SetCapture
ReleaseCapture
EndDialog
GetParent
GetWindowRect
MoveWindow
GetDlgItem
LoadCursorW
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
OpenClipboard
EmptyClipboard
SendMessageW
SetClipboardData
CloseClipboard
LoadStringW
PostMessageW
MessageBoxW
InflateRect
SetPropW
GetClientRect

gdi32

EndDoc
GetStockObject
GetObjectW
EndPage
SetBkMode
SetTextColor
SelectObject
StartPage
StartDocW
SetMapMode
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetSaveFileNameW
PrintDlgW

advapi32

RegQueryInfoKeyW
GetSecurityDescriptorLength
MakeAbsoluteSD
MakeSelfRelativeSD
RegOpenKeyExW
RegQueryValueW
RegConnectRegistryW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegGetKeySecurity
IsValidSecurityDescriptor
CloseServiceHandle
DeleteService
QueryServiceStatus
ControlService
OpenServiceW
OpenSCManagerW
StartServiceW
CreateServiceW
SetServiceStatus
RegEnumKeyW
RegDeleteValueW
FreeSid
EqualSid
GetTokenInformation
AllocateAndInitializeSid
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegEnumValueW

shell32

CommandLineToArgvW
ShellExecuteW
ExtractIconExW

ole32

CreateBindCtx

oleaut32

SetErrorInfo
GetErrorInfo
CreateErrorInfo
VariantChangeType
VariantInit
VariantClear
VariantTimeToSystemTime
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen

comctl32

ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
ord17

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/ShareEnum.exe
.exe windows:4 windows x86 arch:x86

8c990359c655b89fe20ef4fb7b5b756c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:4f:c1:bf:b0:95:d2:4c:fc:10:5f:b7:18:e4:a6:96:c3:c2:7c:7a
Signer

Actual PE Digest

81:4f:c1:bf:b0:95:d2:4c:fc:10:5f:b7:18:e4:a6:96:c3:c2:7c:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon

kernel32

SetConsoleCtrlHandler
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
ReadFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetTimeZoneInformation
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
TerminateProcess
GetCurrentThread
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetLocaleInfoW
CompareStringA
SetEnvironmentVariableA
lstrlenW
lstrlenA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
WideCharToMultiByte
HeapAlloc
HeapReAlloc
RaiseException
LCMapStringW
GetStdHandle
SetHandleCount
MultiByteToWideChar
Sleep
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetComputerNameW
FormatMessageW
GetFileAttributesW
InterlockedIncrement
CreateThread
SetThreadPriority
ResumeThread
InterlockedDecrement
DeleteFileW
CreateFileW
WriteFile
GetCurrentProcessId
GetTickCount
GetProcessHeap
HeapFree
CompareStringW
GetModuleHandleW
SetLastError
GetLastError
LocalFree
LoadLibraryW
GetProcAddress
LocalAlloc
GetCurrentProcess
CloseHandle
GetVersion
ExitProcess
RtlUnwind

user32

SetClassLongW
UpdateWindow
EndDeferWindowPos
EnumChildWindows
BeginDeferWindowPos
GetWindowRect
EndPaint
DrawFrameControl
GetSystemMetrics
GetClientRect
BeginPaint
IsZoomed
MessageBoxW
SendMessageW
GetDlgItem
SetWindowLongW
PtInRect
EndDialog
DeferWindowPos
GetWindowLongW
GetClassNameW
InflateRect
DialogBoxIndirectParamW
LoadIconW
RegisterClassExW
ShowWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
IsDialogMessageW
DispatchMessageW
PostQuitMessage
LoadMenuW
GetSubMenu
SetMenuDefaultItem
SetWindowTextW
DefWindowProcW
EnableWindow
IsWindowEnabled
GetDlgItemTextW
PostMessageW
DialogBoxParamW
CreateDialogParamW
GetSysColorBrush
ChildWindowFromPoint
InvalidateRect
wsprintfW
CreatePopupMenu
InsertMenuItemW
GetCursorPos
TrackPopupMenu
LoadCursorW
SetCursor
SetWindowPos
MoveWindow
GetSysColor
LoadImageW
GetParent
ScreenToClient

gdi32

GetDeviceCaps
SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetStockObject
GetObjectW
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

advapi32

SetSecurityDescriptorDacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetAclInformation
GetAce
LookupAccountSidW
AllocateAndInitializeSid
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegCloseKey
MapGenericMask
MakeSelfRelativeSD
GetSecurityDescriptorLength
IsValidSecurityDescriptor
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
GetSecurityDescriptorDacl
IsValidSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
OpenProcessToken
GetTokenInformation
EqualSid
LookupAccountNameW
InitializeSid

shell32

ShellExecuteW
CommandLineToArgvW

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VarDateFromStr
VariantClear
VariantInit
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetGetDCName
NetShareSetInfo
NetShareEnum
NetWkstaUserGetInfo
NetShareGetInfo
NetApiBufferFree

ws2_32

setsockopt
WSAStartup
gethostname
recvfrom
WSAGetLastError
sendto
inet_addr
gethostbyaddr
WSASocketW
ntohl
gethostbyname

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/ShellRunas.exe
.exe windows:4 windows x86 arch:x86

a19128c77d60d2b394dfa78b2e70b342

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:cc:e2:cc:c4:d6:e4:f0:ff:e7:49:0d:c2:b5:56:b0:21:59:a0:fe
Signer

Actual PE Digest

c3:cc:e2:cc:c4:d6:e4:f0:ff:e7:49:0d:c2:b5:56:b0:21:59:a0:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\ShellRunas\Release\ShellRunas.pdb

Imports

msi

ord217
ord173

credui

CredUIParseUserNameW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

SetStdHandle
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WriteConsoleA
GetConsoleCP
SetFilePointer
RtlUnwind
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleOutputCP
GetCommandLineW
SetEnvironmentVariableW
GetCurrentProcess
GetProcAddress
Sleep
CloseHandle
GetLastError
CreateProcessW
GetShortPathNameW
GetModuleFileNameW
SearchPathW
GetComputerNameW
FormatMessageW
LoadLibraryW
LocalAlloc
LocalFree
GetModuleHandleW
WriteConsoleW
HeapSize
CreateFileA
FlushFileBuffers
GetConsoleMode
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
WideCharToMultiByte
LCMapStringA
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
MultiByteToWideChar

user32

CreateDialogParamW
DialogBoxIndirectParamW
InflateRect
GetSysColorBrush
SetCursor
DispatchMessageW
MessageBoxW
EnumWindows
SetDlgItemTextW
GetMessageW
TranslateMessage
PostQuitMessage
ChildWindowFromPoint
IsDialogMessageW
GetSysColor
RegisterClassExW
ShowWindow
LoadIconW
DefWindowProcW
InvalidateRect
SetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetDlgItem
LoadCursorW
EndDialog

gdi32

SelectObject
GetStockObject
GetObjectW
SetTextColor
CreateFontIndirectW
StartPage
GetDeviceCaps
EndDoc
EndPage
StartDocW
SetMapMode
SetBkMode

comdlg32

PrintDlgW

advapi32

RegSetValueW
CreateProcessWithLogonW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetMalloc
SHGetDesktopFolder

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Tcpvcon.exe
.exe windows:5 windows x86 arch:x86

c510dea76f6096f5cfe2c672a3e799c1

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

77:31:21:69:14:9d:38:20:cf:41:d8:27:44:1c:7d:97:d4:58:32:b4
Signer

Actual PE Digest

77:31:21:69:14:9d:38:20:cf:41:d8:27:44:1c:7d:97:d4:58:32:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Tcpview\Release\Tcpvcon.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

socket
closesocket
gethostbyname
send
gethostname
recv
ntohl
htonl
htons
ntohs
getservbyport
gethostbyaddr
WSAGetLastError
connect
WSAStartup

iphlpapi

GetTcpTable
GetUdpTable
SetTcpEntry

comctl32

CreateToolbarEx
ord17
ImageList_ReplaceIcon
ImageList_Create
ord6

psapi

GetModuleFileNameExA

kernel32

CreateEventA
GetSystemDirectoryA
DeviceIoControl
GetModuleFileNameA
DuplicateHandle
GetVersion
GetCurrentProcessId
DeleteFileA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
HeapFree
GlobalLock
WaitForSingleObject
SetEvent
GetTickCount
GetProcessHeap
GetNumberFormatA
FormatMessageA
GetUserDefaultLangID
InitializeCriticalSection
GlobalAlloc
LeaveCriticalSection
TerminateProcess
GlobalUnlock
EnterCriticalSection
GlobalReAlloc
ExpandEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetStdHandle
WriteConsoleW
WriteConsoleA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
ReadProcessMemory
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
Sleep
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
RtlUnwind
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ResumeThread
ExitThread
HeapAlloc
SetEndOfFile
ReadFile
OpenProcess
LocalFree
LocalAlloc
LoadLibraryA
GetCommandLineW
CloseHandle
GetModuleHandleA
LockResource
GetProcAddress
SetLastError
GetLastError
SizeofResource
GetCurrentProcess
LoadResource
FindResourceA
CreateFileA
HeapSize
lstrlenA
GetConsoleOutputCP

user32

ScreenToClient
SetTimer
CloseClipboard
DestroyWindow
GetWindowRect
PostQuitMessage
TrackPopupMenu
IsIconic
FillRect
SetCapture
KillTimer
IsZoomed
DrawTextA
GetSubMenu
DrawIconEx
LoadStringA
GetFocus
LoadMenuA
LoadIconA
InvalidateRgn
GetClientRect
CreateMenu
SetFocus
GetDC
ChildWindowFromPoint
GetMenu
SetWindowLongA
InvalidateRect
GetWindowLongA
ClientToScreen
ReleaseDC
EnableMenuItem
EmptyClipboard
DefWindowProcA
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
DrawMenuBar
PostMessageA
OpenClipboard
ReleaseCapture
GetSystemMetrics
InsertMenuA
SetClipboardData
CallWindowProcA
SetMenuItemInfoA
DialogBoxParamA
DestroyIcon
SetDlgItemTextA
CheckMenuItem
MoveWindow
MessageBoxA
SetCursor
SendMessageA
InflateRect
GetDlgItem
EndDialog
GetSysColorBrush
SetWindowTextA
DialogBoxIndirectParamA
LoadCursorA
CreateWindowExA
GetParent

gdi32

StartDocA
SetMapMode
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetBkColor
GetTextMetricsA
GetObjectA
GetStockObject
CreateSolidBrush
EndPage
StartPage
EndDoc

comdlg32

ChooseFontA
PrintDlgA
GetSaveFileNameA

advapi32

GetTokenInformation
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
EqualSid
AllocateAndInitializeSid
FreeSid
RegOpenKeyA
RegOpenKeyExA

shell32

ShellExecuteExA
SHGetFileInfoA
ShellExecuteA

oleaut32

VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Tcpview.exe
.exe windows:5 windows x86 arch:x86

9e5da0daacd01168e9e71474a1a6e556

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:ce:e2:cf:71:71:e8:ff:67:75:cf:97:21:a3:a3:e1:9f:44:7f:79
Signer

Actual PE Digest

c8:ce:e2:cf:71:71:e8:ff:67:75:cf:97:21:a3:a3:e1:9f:44:7f:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Tcpview\Release\Tcpview.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

gethostbyname
WSAGetLastError
socket
connect
send
recv
closesocket
WSAStartup
getservbyport
gethostname
gethostbyaddr
htons
htonl
ntohl
ntohs

iphlpapi

SetTcpEntry
GetTcpTable
GetUdpTable

comctl32

ImageList_Create
ord6
ord17
CreateToolbarEx
ImageList_ReplaceIcon

psapi

GetModuleFileNameExA

kernel32

ReadProcessMemory
CreateEventA
DeviceIoControl
GetCurrentProcessId
DuplicateHandle
GetCurrentProcess
CreateFileA
GetModuleFileNameA
GetLastError
GetNumberFormatA
GetLocaleInfoA
FormatMessageA
GetTickCount
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetUserDefaultLangID
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetProcessHeap
GetVersion
InitializeCriticalSection
ExpandEnvironmentStringsA
GetConsoleCP
SetFilePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CloseHandle
SetHandleCount
HeapSize
GetStdHandle
WriteFile
ExitProcess
Sleep
HeapDestroy
HeapCreate
VirtualAlloc
VirtualFree
FatalAppExitA
DeleteCriticalSection
OpenProcess
LCMapStringA
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetCommandLineA
HeapReAlloc
ResumeThread
CreateThread
GetCurrentThreadId
ExitThread
HeapAlloc
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
ResetEvent
GetVersionExA
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryA
LocalFree
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
GetConsoleMode
GetStringTypeA
LoadLibraryW
SetEvent
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
LCMapStringW
WaitForSingleObject
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetLocaleInfoW
SetEndOfFile
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileType
GetStringTypeW

user32

GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
LoadMenuA
InsertMenuA
CreateMenu
GetSubMenu
SetMenuItemInfoA
DrawMenuBar
PostQuitMessage
LoadStringA
DialogBoxParamA
TrackPopupMenu
UpdateWindow
DestroyIcon
SetDlgItemTextA
GetParent
ChildWindowFromPoint
InvalidateRect
SetCapture
ReleaseCapture
SetWindowLongA
GetWindowLongA
GetCursorPos
GetClientRect
CreateWindowExA
SetFocus
CallWindowProcA
GetSysColor
LoadAcceleratorsA
LoadIconA
DrawIconEx
InvalidateRgn
SetWindowPos
GetMenu
CheckMenuItem
SetTimer
KillTimer
GetWindowRect
IsIconic
IsZoomed
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
GetDC
DrawTextA
ReleaseDC
GetSystemMetrics
MoveWindow
ShowWindow
ClientToScreen
ScreenToClient
PostMessageA
DestroyWindow
DefWindowProcA
MessageBoxA
DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA
FillRect
EnableMenuItem

gdi32

SetBkMode
GetDeviceCaps
SetMapMode
EndDoc
StartDocA
EndPage
StartPage
SetTextColor
SelectObject
CreateFontIndirectA
DeleteDC
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
CreateSolidBrush
GetBkColor
GetTextMetricsA
SetBkColor

comdlg32

PrintDlgA
ChooseFontA
GetSaveFileNameA

advapi32

RegOpenKeyA
AllocateAndInitializeSid
GetTokenInformation
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ConvertSidToStringSidA
FlushTraceA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
EqualSid
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFileInfoA
CommandLineToArgvW
ShellExecuteExA

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

SysStringLen
SysFreeString
VariantClear
VariantInit
VariantChangeType
SafeArrayGetElement
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
CreateErrorInfo
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
GetErrorInfo
SetErrorInfo
SysAllocString

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/Vmmap.chm
.chm
Windows Sysinternals Suite 2011.02.23/Volumeid.exe
.exe windows:4 windows x86 arch:x86

c51be73105081640890f581847c006ec

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ed:91:bb:86:f6:bd:9d:98:04:40:57:86:5a:f1:55:01:98:49:11:75
Signer

Actual PE Digest

ed:91:bb:86:f6:bd:9d:98:04:40:57:86:5a:f1:55:01:98:49:11:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
LoadLibraryA
LocalAlloc
GetModuleHandleA
FlushFileBuffers
GetProcAddress
ReadFile
GetDriveTypeA
GetCPInfo
GetStringTypeW
GetStringTypeA
RtlUnwind
GetStartupInfoA
GetFileType
SetFilePointer
WriteFile
CreateFileA
GetLastError
GetVolumeInformationA
GetOEMCP
CloseHandle
GetStdHandle
SetHandleCount
GetVersionExA
DeviceIoControl
LocalFree
FormatMessageA
GetACP
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle

user32

DialogBoxIndirectParamA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/WINOBJ.HLP
Windows Sysinternals Suite 2011.02.23/Winobj.exe
.exe windows:5 windows x86 arch:x86

b80af39df5c5e0cc858a01dcec9d1151

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fa:57:f0:db:e9:fa:65:62:44:ca:66:4e:5b:00:0b:ff:15:3d:33:ea
Signer

Actual PE Digest

fa:57:f0:db:e9:fa:65:62:44:ca:66:4e:5b:00:0b:ff:15:3d:33:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Winobj\Release\Winobj.pdb

Imports

comctl32

ImageList_Destroy
ord17
ord6
CreateToolbarEx
ImageList_Add
ImageList_GetImageCount
CreatePropertySheetPageA
PropertySheetA
ImageList_Create
ImageList_ReplaceIcon

uxtheme

SetWindowTheme

kernel32

GetModuleHandleA
CompareStringW
CompareStringA
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
WriteFile
ExitProcess
Sleep
GetModuleHandleW
HeapDestroy
HeapCreate
FreeLibrary
FormatMessageA
GetVersion
GetCommandLineA
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetLastError
CloseHandle
GetProcAddress
GetCommandLineW
LoadLibraryA
SetEnvironmentVariableA
LocalFree
LocalAlloc
HeapReAlloc
VirtualAlloc
VirtualFree
EnterCriticalSection
HeapAlloc
HeapFree
GetStartupInfoA
RaiseException
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA

user32

CreateWindowExA
GetClientRect
SendMessageA
InflateRect
SetCursor
LoadCursorA
SetWindowTextA
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
LoadIconA
SetWindowLongA
LoadAcceleratorsA
LoadMenuA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
GetMenu
GetSubMenu
InsertMenuA
SetMenuItemInfoA
DrawIconEx
WinHelpA
GetFocus
GetDC
InvertRect
ReleaseDC
PostQuitMessage
SetCapture
ReleaseCapture
DefWindowProcA
LoadStringA
TrackPopupMenu
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UpdateWindow
DialogBoxParamA
MoveWindow
GetSysColor
ChildWindowFromPoint
InvalidateRect
GetWindowRect
IsIconic
IsZoomed
ScreenToClient
LoadBitmapA
PostMessageA
GetParent
SetDlgItemTextA
CheckDlgButton
ShowWindow
EnableWindow
MessageBoxA
wsprintfA
GetCursorPos
SetFocus
GetWindowLongA

gdi32

CreateBrushIndirect
GetStockObject
GetObjectA
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
DeleteObject
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc

comdlg32

PrintDlgA

advapi32

AllocateAndInitializeSid
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
RegOpenKeyA
FreeSid
EqualSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
MapGenericMask

shell32

ShellExecuteA

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/ZoomIt.exe
.exe windows:5 windows x86 arch:x86

70fe523c82a8d4feb851930f09599a07

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/01/2009, 01:58

Not After

20/03/2010, 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:6f:1d:c7:2e:82:c0:f3:bb:4e:57:57:74:b6:58:7b:2e:ca:b1:79
Signer

Actual PE Digest

cf:6f:1d:c7:2e:82:c0:f3:bb:4e:57:57:74:b6:58:7b:2e:ca:b1:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\ZoomIt\Release\ZoomIt.pdb

Imports

comctl32

ord17

winmm

PlaySoundA

gdiplus

GdipCloneImage
GdipDrawImageRectRect
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImageEncodersSize

msimg32

AlphaBlend

kernel32

GetFileAttributesA
GetModuleFileNameA
MultiByteToWideChar
lstrcpynA
Beep
GetTickCount
SetThreadPriority
GetCurrentThread
MulDiv
GetVersion
Sleep
CreateEventA
LCMapStringA
SetFilePointer
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
RtlUnwind
GetConsoleMode
GetConsoleCP
ExpandEnvironmentStringsA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
GetStartupInfoA
HeapFree
HeapAlloc
GetLastError
GetCommandLineA
CreateProcessA
DeleteFileA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentProcess
FormatMessageA
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryA
LocalFree
GetModuleHandleA
LCMapStringW
GetStringTypeA
SetEnvironmentVariableA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
ReadFile
RaiseException
CompareStringA
CompareStringW
WideCharToMultiByte

user32

TranslateMessage
DispatchMessageA
GetKeyState
PostQuitMessage
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetRect
CreatePopupMenu
InsertMenuA
TranslateAcceleratorA
DestroyMenu
GetDesktopWindow
GetActiveWindow
GetParent
BringWindowToTop
SetFocus
SetForegroundWindow
SetActiveWindow
PostMessageA
GetSysColor
ChildWindowFromPoint
GetMessageA
FindWindowA
LoadAcceleratorsA
TrackPopupMenu
CreateDialogParamA
DialogBoxParamA
BeginPaint
GetWindowRect
MapWindowPoints
EndPaint
IsDlgButtonChecked
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
CheckDlgButton
CreateWindowExA
ShowWindow
SetTimer
GetCursorPos
UpdateWindow
RegisterHotKey
KillTimer
DestroyWindow
GetClientRect
GetAsyncKeyState
IsWindowVisible
DefWindowProcA
GetMessageExtraInfo
GetClipCursor
ClipCursor
DrawTextA
InvalidateRect
UnregisterHotKey
SystemParametersInfoA
GetWindowLongA
SetWindowLongA
RedrawWindow
LoadIconA
GetDC
FillRect
ReleaseDC
EnumDisplaySettingsA
ChangeDisplaySettingsExA
FindWindowW
SetWindowPos
SetCursorPos
MessageBoxA
DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA
RegisterClassA

gdi32

EndDoc
MoveToEx
Ellipse
Rectangle
CreatePen
CreateFontIndirectA
SetTextColor
EndPage
GetObjectA
GetStockObject
SetROP2
CreateBitmap
CreateDCA
StretchBlt
SetStretchBltMode
StartPage
StartDocA
SetMapMode
CreateSolidBrush
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
BitBlt
Polygon
SetBkMode
LineTo

comdlg32

ChooseFontA
GetOpenFileNameA
PrintDlgA
GetSaveFileNameA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoInitialize

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/accesschk.exe
.exe windows:5 windows x86 arch:x86

86f141fe505e78d1d64e655351eef5eb

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:e3:a7:71:e2:76:df:87:29:c2:26:53:20:cc:58:04:06:95:75:43
Signer

Actual PE Digest

26:e3:a7:71:e2:76:df:87:29:c2:26:53:20:cc:58:04:06:95:75:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\accesschk\Exe\Release\accesschk.pdb

Imports

netapi32

NetApiBufferFree
NetUserGetLocalGroups

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoA
GetLocaleInfoW
GetTimeZoneInformation
Thread32First
OpenThread
Thread32Next
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CreateFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetFullPathNameW
GetVersion
GetModuleFileNameW
GetLastError
GetCurrentProcess
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CloseHandle
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
DeleteFileW
SetEnvironmentVariableA
DeviceIoControl
FormatMessageW
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
CreateFileA
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringA
CompareStringW
SetStdHandle
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID

user32

GetSysColorBrush
EndDialog
SetWindowTextW
GetDlgItem
SetCursor
InflateRect
SendMessageW
DialogBoxIndirectParamW
LoadCursorW

gdi32

GetDeviceCaps
SetMapMode
StartDocW
StartPage
EndDoc
EndPage

comdlg32

PrintDlgW

advapi32

GetKernelObjectSecurity
OpenSCManagerW
CloseServiceHandle
OpenServiceW
EnumServicesStatusW
QueryServiceObjectSecurity
GetSecurityInfo
DeleteAce
RegOpenKeyExW
RegGetKeySecurity
RegEnumKeyW
GetNamedSecurityInfoW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateLoggedOnUser
RevertToSelf
LsaOpenPolicy
LsaNtStatusToWinError
LsaEnumerateAccountsWithUserRight
LookupPrivilegeNameW
LsaEnumerateAccountRights
LsaFreeMemory
LsaClose
GetEffectiveRightsFromAclW
GetSecurityDescriptorSacl
IsWellKnownSid
GetSecurityDescriptorOwner
LookupAccountNameW
GetSecurityDescriptorDacl
GetLengthSid
CopySid
GetTokenInformation
EqualSid
IsValidSid
GetSidIdentifierAuthority
GetAce
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/adrestore.exe
.exe windows:4 windows x86 arch:x86

66a38e1024d19e37020ae76f47816fa4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

96:fc:37:60:78:3b:25:ea:8e:28:12:5d:3a:d0:e5:35:2f:50:5f:c9
Signer

Actual PE Digest

96:fc:37:60:78:3b:25:ea:8e:28:12:5d:3a:d0:e5:35:2f:50:5f:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord145
ord14
ord88
ord73
ord155
ord118
ord13

activeds

ord9

kernel32

LocalFree
LoadLibraryA
LocalAlloc
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
lstrlenW
RtlUnwind
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
lstrcpyW
lstrcatW
OutputDebugStringW
GetCommandLineA
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
ReadFile
GetProcAddress
GetModuleFileNameA
SetFilePointer
GetStringTypeA
CloseHandle
GetModuleFileNameW
GetCurrentProcess
SetStdHandle
TerminateProcess
GetStartupInfoA
GetFileType
HeapAlloc
HeapFree
GetVersion
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetLastError
FlushFileBuffers
WriteFile
SetHandleCount
GetStdHandle
GetStringTypeW

user32

LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
CharNextW
SendMessageA
DialogBoxIndirectParamA
SetWindowTextA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyA

ole32

CoInitialize

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/autoruns.chm
.chm
Windows Sysinternals Suite 2011.02.23/autoruns.exe
.exe windows:5 windows x86 arch:x86

ce2540e9e23b706fca139adcbd361d6d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

35:70:1b:11:4b:76:63:be:ed:99:20:bb:3f:82:2e:c8:6f:5f:1e:4b
Signer

Actual PE Digest

35:70:1b:11:4b:76:63:be:ed:99:20:bb:3f:82:2e:c8:6f:5f:1e:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Autoruns\Release\autoruns.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_Create
CreateToolbarEx
ord17
ImageList_Add
ImageList_Draw

kernel32

WritePrivateProfileSectionW
GetPrivateProfileSectionW
WideCharToMultiByte
FindClose
FindNextFileW
ExpandEnvironmentStringsA
LoadLibraryA
WriteConsoleA
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
GetModuleHandleW
HeapSize
GetStringTypeW
GetStringTypeA
LCMapStringW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapDestroy
HeapCreate
VirtualAlloc
VirtualFree
FatalAppExitA
GetFileSize
MultiByteToWideChar
GetCurrentThreadId
SetLastError
TlsFree
GetStartupInfoA
GetCommandLineA
CreateThread
ResumeThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
HeapReAlloc
HeapAlloc
RtlUnwind
GetProcessHeap
HeapFree
lstrlenA
FormatMessageW
GetVersion
MulDiv
lstrlenW
lstrcatW
GetTickCount
ReadFile
SetFilePointer
GetWindowsDirectoryW
WriteConsoleW
SetEndOfFile
CreateFileA
CompareStringA
CompareStringW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
LoadLibraryW
GetProcAddress
GetLocaleInfoW
GetNumberFormatW
GetModuleFileNameW
TlsSetValue
CreateFileW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
LocalFree
Process32NextW
GetCurrentProcess
GetLastError
CloseHandle
InterlockedIncrement
InterlockedDecrement
TlsGetValue
GetFileTime
LocalAlloc
FindFirstFileW
GetFileAttributesW
TlsAlloc
InitializeCriticalSection
CreateSemaphoreW
TerminateProcess
GetCommandLineW
SetErrorMode
LoadLibraryExW
FreeLibrary
ExitThread
WaitForSingleObject
ReleaseSemaphore
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileW
GetPrivateProfileStringW
WriteProfileStringW
WritePrivateProfileStringW
CreateDirectoryW
GetProfileStringW
SetFileAttributesW
MoveFileW
RemoveDirectoryW
CreateProcessW
EnterCriticalSection
GetCurrentThread
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteCriticalSection
GetFullPathNameW
SetEnvironmentVariableA
LCMapStringA
GetConsoleOutputCP

user32

TranslateMessage
DispatchMessageW
DrawMenuBar
LoadStringW
DrawIconEx
GetWindowTextW
PostQuitMessage
InvalidateRgn
ReleaseCapture
TranslateAcceleratorW
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
CreateDialogParamW
RegisterClassExW
LoadImageW
RegisterWindowMessageW
MapWindowPoints
GetDlgItemTextW
GetSysColorBrush
ChildWindowFromPoint
GetPropW
GetClassNameW
DeferWindowPos
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
OffsetRect
UnionRect
PtInRect
BeginPaint
DialogBoxIndirectParamW
InflateRect
DrawFrameControl
EndPaint
SetPropW
GetWindowLongW
SetWindowLongW
EnableWindow
EndDialog
TrackPopupMenu
EnableMenuItem
DeleteMenu
GetSubMenu
InsertMenuW
SetDlgItemTextW
EnumDisplaySettingsW
FindWindowW
WaitForInputIdle
GetWindowThreadProcessId
SetForegroundWindow
FindWindowExW
CreateIconIndirect
GetIconInfo
CloseClipboard
OpenClipboard
EmptyClipboard
SetClipboardData
GetMenu
CheckMenuItem
SetWindowTextW
DialogBoxParamW
SetWindowPos
GetWindowRect
IsIconic
IsZoomed
GetDlgItem
SetTimer
GetParent
GetCursorPos
CreateWindowExW
CallWindowProcW
GetSysColor
GetClientRect
GetSystemMetrics
IntersectRect
InvalidateRect
GetFocus
GetDC
DrawTextW
ReleaseDC
MoveWindow
ShowWindow
ClientToScreen
ScreenToClient
DestroyWindow
DefWindowProcW
PostMessageW
SetFocus
LoadCursorW
SetCursor
SendMessageW
LoadIconW
DestroyIcon
MessageBoxW
SetMenuItemInfoW

gdi32

GetDIBits
CreateDIBSection
SetMapMode
StartDocW
StartPage
EndPage
EndDoc
CreateSolidBrush
GetTextMetricsW
DeleteObject
GetStockObject
GetObjectW
CreateCompatibleDC
GetDeviceCaps
DeleteDC
CreateFontIndirectW
SetBkColor
ExtTextOutW
GetTextExtentPoint32W
SelectObject
SetTextColor
SetBkMode
GdiFlush

comdlg32

ChooseFontW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
FindTextW
PrintDlgW

advapi32

RegCreateKeyW
RegLoadKeyW
RegQueryValueExW
GetAce
SetSecurityInfo
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegUnLoadKeyW
RegDeleteValueW
RegQueryInfoKeyW
LookupAccountSidW
LookupAccountNameW
RegQueryValueW
RegEnumKeyW
DeleteService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CryptReleaseContext
CryptDestroyHash
RevertToSelf
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegQueryValueExA
RegOpenKeyExA
ImpersonateLoggedOnUser
RegOpenKeyExW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
GetSecurityInfo

shell32

SHGetMalloc
ShellExecuteExW
SHGetPathFromIDListW
SHGetFileInfoW
CommandLineToArgvW
SHBrowseForFolderW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo

shlwapi

UrlUnescapeW
SHCreateStreamOnFileW

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/autorunsc.exe
.exe windows:5 windows x86 arch:x86

af33cf24606bea004c462b863cfd2523

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

af:e0:d8:f8:8f:7b:ec:99:fe:4b:13:81:77:40:65:9d:13:37:b1:18
Signer

Actual PE Digest

af:e0:d8:f8:8f:7b:ec:99:fe:4b:13:81:77:40:65:9d:13:37:b1:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Autoruns\Release\autorunsc.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

ImageList_Add
ImageList_GetIcon
ImageList_ReplaceIcon

kernel32

GetFileAttributesW
FindFirstFileW
LocalAlloc
GetCommandLineW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
WritePrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindNextFileW
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
LoadLibraryA
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
TlsAlloc
InitializeCriticalSection
SetErrorMode
ExitThread
EnterCriticalSection
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFullPathNameW
GetVersion
GetModuleHandleW
ReadFile
SetFilePointer
CreateFileW
LeaveCriticalSection
CreateProcessW
lstrlenW
GetStartupInfoA
FormatMessageA
GetStdHandle
WriteFile
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
LoadLibraryW
GetProcAddress
GetLocaleInfoW
GetNumberFormatW
InterlockedDecrement
GetModuleFileNameW
TlsSetValue
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
LocalFree
GetCurrentProcess
GetLastError
CloseHandle
InterlockedIncrement
TlsGetValue
SetEnvironmentVariableA
GetFileType
SetHandleCount
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
HeapSize
FlushFileBuffers
GetConsoleMode
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
GetConsoleCP
GetStringTypeW
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
GetModuleFileNameA
GetStringTypeA

user32

LoadCursorW
LoadIconW
DestroyIcon
SetCursor
SendMessageW
LoadStringW
DialogBoxIndirectParamW
GetSysColorBrush
EndDialog
InflateRect
DeleteMenu
InsertMenuW
CheckMenuItem
SetWindowTextW
GetSubMenu
TrackPopupMenu
GetMenu
EnableMenuItem
GetDlgItem
SetDlgItemTextW
ShowWindow

gdi32

DeleteObject
GetDeviceCaps
SetMapMode
StartDocW
StartPage
EndPage
EndDoc

comdlg32

PrintDlgW

advapi32

RegSetKeySecurity
OpenSCManagerW
OpenServiceW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegCreateKeyW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueW
LookupAccountNameW
LookupAccountSidW
RegLoadKeyW
RegUnLoadKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteKeyW
RegOpenKeyW
RegGetKeySecurity
GetSecurityInfo
GetAce
SetSecurityInfo
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid

shell32

SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
SetErrorInfo
GetErrorInfo
CreateErrorInfo

shlwapi

UrlUnescapeW

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/ctrl2cap.amd.sys
.sys windows:5 windows x64 arch:x64

053a0aec95933cbf178d865941afc5bf

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:c1:a7:98:b8:75:89:43:35:c7:8c:dd:bf:05:cb:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/02/2006, 00:00

Not After

04/04/2007, 23:59

Subject

CN=Sysinternals,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=Sysinternals,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

29:63:9d:13:86:b7:68:42:ef:cd:8a:89:c6:4d:8a:96:6e:39:42:f4
Signer

Actual PE Digest

29:63:9d:13:86:b7:68:42:ef:cd:8a:89:c6:4d:8a:96:6e:39:42:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\src\ctrl2cap\sys\objfre_wnet_AMD64\amd64\ctrl2cap.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDetachDevice
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
KeBugCheckEx

Sections

.text
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 441B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/ctrl2cap.exe
.exe windows:4 windows x86 arch:x86

30deec6579f48261855708cba9a37fd6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e7:c3:fd:d1:6b:37:27:73:8d:f5:de:36:59:56:81:10:87:84:35:93
Signer

Actual PE Digest

e7:c3:fd:d1:6b:37:27:73:8d:f5:de:36:59:56:81:10:87:84:35:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
SetStdHandle
FlushFileBuffers
LCMapStringA
LocalFree
GetCPInfo
LCMapStringW
GetStringTypeA
GetStringTypeW
LocalAlloc
GetModuleHandleA
GetOEMCP
SetFilePointer
WriteFile
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetVersion
GetSystemDirectoryA
CopyFileA
GetLastError
FormatMessageA
DeleteFileA
GetACP
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
CloseHandle

user32

DialogBoxIndirectParamA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA

gdi32

StartDocA
GetDeviceCaps
SetMapMode
StartPage
EndPage
EndDoc

comdlg32

PrintDlgA

advapi32

RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/ctrl2cap.nt4.sys
.sys windows:4 windows x86 arch:x86

f8e3459f539be62994d9e0b7ee4b6de7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IoCreateDevice
RtlInitUnicodeString
RtlFreeUnicodeString
IoDeleteDevice
IoAttachDevice
ZwDisplayString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
IofCallDriver

Sections

.text
Size: 576B - Virtual size: 547B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 32B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 352B - Virtual size: 332B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 64B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/ctrl2cap.nt5.sys
.sys windows:5 windows x86 arch:x86

4e00a523e4d7d53a2dee34c0906284ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDetachDevice
IofCallDriver
PoCallDriver
PoStartNextPowerIrp

Sections

.text
Size: 160B - Virtual size: 137B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 256B - Virtual size: 249B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 320B - Virtual size: 292B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/dbgview.chm
.chm
Windows Sysinternals Suite 2011.02.23/disk2vhd.exe
.exe windows:5 windows x86 arch:x86

7d67800d9eff9b9986f6a070e98da4cc

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f6:5d:ee:01:3b:ae:7f:ab:4c:d3:a7:56:22:1e:01:50:1d:97:9e:8c
Signer

Actual PE Digest

f6:5d:ee:01:3b:ae:7f:ab:4c:d3:a7:56:22:1e:01:50:1d:97:9e:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Disk2vhd\release\disk2vhd.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

vssapi

?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z

comctl32

ord17

cabinet

ord20
ord23
ord22

kernel32

GetFullPathNameW
GetCommandLineW
CopyFileExW
GetDriveTypeW
FindResourceW
LoadResource
InterlockedIncrement
MoveFileExW
GetCurrentProcess
GetComputerNameW
LoadLibraryW
CopyFileW
SizeofResource
FormatMessageW
GetVersionExW
GetExitCodeProcess
GetFileAttributesW
GetStdHandle
GetCurrentDirectoryW
MoveFileW
LockResource
GetSystemInfo
GetVolumeNameForVolumeMountPointW
DeleteFileW
LocalFree
SetFileAttributesW
GetVolumeInformationW
ExpandEnvironmentStringsW
LocalAlloc
SleepEx
WaitForSingleObjectEx
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
ReadFileEx
EnterCriticalSection
GetLocalTime
CreateSemaphoreW
DeleteCriticalSection
WriteFileEx
GetVolumePathNameW
ExpandEnvironmentStringsA
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetDiskFreeSpaceExW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
RtlUnwind
RaiseException
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetModuleFileNameA
HeapCreate
VirtualAlloc
VirtualFree
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
CreateThread
GetCurrentThreadId
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FindNextFileW
DeviceIoControl
CreateEventW
FindClose
GetDiskFreeSpaceW
GetProcAddress
SetLastError
GetLastError
GetOverlappedResult
CreateFileW
GetModuleHandleW
InterlockedDecrement
WaitForSingleObject
FindFirstFileW
CloseHandle
GetFileTime
GetModuleFileNameW
ReadFile
WideCharToMultiByte
SetFilePointer
WriteFile
GetLocaleInfoA
CreateFileA
lstrlenA
GetModuleHandleA
HeapFree
ExitProcess
Sleep
GetProcessHeap
SetEndOfFile
HeapAlloc

user32

SetCursor
TranslateAcceleratorW
ScreenToClient
GetWindowRect
GetMessageW
PostQuitMessage
PostMessageW
IsZoomed
GetParent
LoadCursorW
IsWindowEnabled
PtInRect
SetPropW
GetDC
TranslateMessage
LoadAcceleratorsW
ChildWindowFromPoint
IsDialogMessageW
LoadIconW
OffsetRect
InflateRect
InvalidateRect
GetWindowLongW
GetClassNameW
ReleaseDC
DialogBoxIndirectParamW
SetWindowLongW
EndDialog
GetSysColor
CheckDlgButton
EnumChildWindows
ShowWindow
GetSysColorBrush
IsDlgButtonChecked
CreateDialogParamW
GetActiveWindow
DeferWindowPos
MessageBoxW
BeginDeferWindowPos
RegisterClassW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
EnableWindow
SetWindowTextW
EndDeferWindowPos
DrawFrameControl
GetPropW
CallWindowProcW
DefWindowProcW
DispatchMessageW
GetDlgItem
UnionRect
GetClientRect

gdi32

StartPage
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
SetTextColor
CreateFontIndirectW
SetBkMode
SelectObject
GetObjectW
GetStockObject
EndPage

comdlg32

PrintDlgW
GetSaveFileNameW

advapi32

RegQueryValueExA
RegCreateKeyW
RegSetValueExW
AdjustTokenPrivileges
RegFlushKey
RegDeleteValueW
LookupPrivilegeValueW
RegCreateKeyExW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA

shell32

CommandLineToArgvW
ShellExecuteExW

ole32

CoCreateInstance
CoInitialize
CoCreateGuid
CoUninitialize
CLSIDFromString

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
VariantClear
VariantInit
SystemTimeToVariantTime
VariantChangeType
SysAllocString

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/diskext.exe
.exe windows:4 windows x86 arch:x86

b22dba3eb8d92bd6ce1baeda177318c8

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c9:b0:b0:68:c7:cc:40:3c:03:43:cb:d0:f9:cf:a4:48:e5:44:6d:22
Signer

Actual PE Digest

c9:b0:b0:68:c7:cc:40:3c:03:43:cb:d0:f9:cf:a4:48:e5:44:6d:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
GetConsoleOutputCP
LocalAlloc
GetLastError
HeapSize
FlushFileBuffers
GetModuleHandleA
GetVersion
LoadLibraryA
GetProcAddress
GetDriveTypeA
WriteConsoleA
CreateFileA
GetConsoleMode
GetConsoleCP
DeviceIoControl
CloseHandle
FormatMessageA
SetStdHandle
LocalFree
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA
RtlUnwind
InitializeCriticalSection
SetFilePointer

user32

SendMessageA
DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/du.exe
.exe windows:5 windows x86 arch:x86

79cd983d895243c54cd1a0d60e7d5520

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a1:bf:f1:cf:3c:10:f3:1e:9d:04:8d:cc:47:3c:08:a1:5a:03:52:40
Signer

Actual PE Digest

a1:bf:f1:cf:3c:10:f3:1e:9d:04:8d:cc:47:3c:08:a1:5a:03:52:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\du\Release\du.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
GetModuleHandleW
LocalFree
LocalAlloc
GetCommandLineW
SetEnvironmentVariableA
GetFullPathNameW
CompareStringA
CreateFileA
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
GetCurrentDirectoryW
GetLocaleInfoW
GetFileAttributesW
FindFirstFileW
FindNextFileW
CreateFileW
FindClose
CloseHandle
GetFileInformationByHandle
GetCompressedFileSizeW
FormatMessageW
InterlockedDecrement
CompareStringW
GetNumberFormatW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapFree
GetProcessHeap
GetLastError
lstrlenW
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
ExitProcess
FatalAppExitA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSize
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA

user32

SetWindowTextW
SetCursor
InflateRect
SendMessageW
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamW
LoadCursorW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyW

oleaut32

SysFreeString
SysAllocString
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
CreateErrorInfo

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/efsdump.exe
.exe windows:4 windows x86 arch:x86

94c991fc087e6d6976569ef8614bce42

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:61:2f:9b:93:b1:3d:ea:4e:4b:63:4b:28:15:78:b0:25:40:60:ba
Signer

Actual PE Digest

cc:61:2f:9b:93:b1:3d:ea:4e:4b:63:4b:28:15:78:b0:25:40:60:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
LoadLibraryA
WideCharToMultiByte
SetFilePointer
SetStdHandle
CloseHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetModuleHandleW
GetLastError
GetModuleFileNameA
LocalAlloc
LoadLibraryW
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
FormatMessageW
GetProcAddress
LocalFree
HeapAlloc
HeapFree
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
GetStringTypeW

user32

DialogBoxIndirectParamW
LoadCursorW
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextW
SendMessageW

gdi32

StartDocW
GetDeviceCaps
SetMapMode
StartPage
EndPage
EndDoc

comdlg32

PrintDlgW

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
QueryUsersOnEncryptedFile
LookupAccountSidW
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
RegCreateKeyW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/handle.exe
.exe windows:5 windows x86 arch:x86

772feda8a5b0e1a20e6162a195239816

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:34:40:20:3c:87:f7:12:de:56:ae:00:6b:51:32:bc:83:ba:42:c8
Signer

Actual PE Digest

ce:34:40:20:3c:87:f7:12:de:56:ae:00:6b:51:32:bc:83:ba:42:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Handle\Release\handle.pdb

Imports

kernel32

DuplicateHandle
GetCurrentProcessId
DeleteFileA
GetSystemDirectoryA
GetConsoleScreenBufferInfo
GetStdHandle
WaitForSingleObject
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
GetFileAttributesA
lstrcpyA
GetVersion
CompareStringW
CompareStringA
GetTimeZoneInformation
ReadFile
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
HeapSize
IsValidLocale
EnumSystemLocalesA
OpenProcess
GetDriveTypeA
DeviceIoControl
FormatMessageA
GetCommandLineW
LoadLibraryA
LocalAlloc
GetModuleHandleA
LocalFree
GetProcAddress
SetLastError
CreateFileA
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentProcess
GetLastError
GetModuleFileNameA
CloseHandle
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
WideCharToMultiByte
GetConsoleCP
RtlUnwind
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
LCMapStringA
MultiByteToWideChar
LCMapStringW
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
SetEnvironmentVariableA

user32

DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

LookupAccountSidA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/hex2dec.exe
.exe windows:4 windows x86 arch:x86

86cd32601e5478b1662abe3fb33c6620

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

45:af:49:6a:d8:80:9a:0d:bc:ff:e2:bf:46:8b:76:96:74:06:10:e3
Signer

Actual PE Digest

45:af:49:6a:d8:80:9a:0d:bc:ff:e2:bf:46:8b:76:96:74:06:10:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetOEMCP
GetProcAddress
LCMapStringW
SetStdHandle
FlushFileBuffers
ReadFile
LCMapStringA
GetCPInfo
GetLastError
WriteFile
GetModuleHandleA
LocalAlloc
LoadLibraryA
SetFilePointer
LocalFree
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
CloseHandle

user32

DialogBoxIndirectParamA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA

gdi32

EndPage
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndDoc

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/junction.exe
.exe windows:5 windows x86 arch:x86

3affd188264f59594a90b036270f340e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

72:96:cb:3c:cf:4a:19:97:6d:61:01:7d:1b:ad:e8:cf:2e:da:d0:b2
Signer

Actual PE Digest

72:96:cb:3c:cf:4a:19:97:6d:61:01:7d:1b:ad:e8:cf:2e:da:d0:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\junction\Release\junction.pdb

Imports

kernel32

FindFirstFileW
RemoveDirectoryW
CreateDirectoryW
GetVolumeInformationW
GetFullPathNameW
GetCurrentDirectoryW
CompareStringW
FindNextFileW
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
HeapSize
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FindClose
CreateFileW
GetLastError
GetFileAttributesW
DeviceIoControl
FormatMessageW
CloseHandle
GetCommandLineW
GetProcAddress
LocalAlloc
LoadLibraryW
LocalFree
CompareStringA
GetModuleHandleW
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
Sleep
ExitProcess
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA

user32

DialogBoxIndirectParamW
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextW
LoadCursorW
SetCursor
InflateRect
SendMessageW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyW

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/ldmdump.exe
.exe windows:4 windows x86 arch:x86

62430f16891f2bbc3e224c30b3127f73

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cd:66:fb:ce:39:19:bc:b9:14:88:64:7c:3a:e0:21:8f:f0:93:2c:ea
Signer

Actual PE Digest

cd:66:fb:ce:39:19:bc:b9:14:88:64:7c:3a:e0:21:8f:f0:93:2c:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
LocalAlloc
GetModuleHandleA
LCMapStringA
SetStdHandle
CreateFileA
GetProcAddress
SetFilePointer
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
CloseHandle
DeviceIoControl
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
FlushFileBuffers
GetTimeFormatA
WriteFile
RtlUnwind
ReadFile
GetLastError
FormatMessageA
LocalFree
GetOEMCP
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LCMapStringW

user32

DialogBoxIndirectParamA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/livekd.exe
.exe windows:5 windows x86 arch:x86

154c26269ec0c1511335d0ff00beaa29

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9d:fa:40:aa:31:c3:b7:99:14:65:73:d6:d8:0e:80:d7:be:50:7e:71
Signer

Actual PE Digest

9d:fa:40:aa:31:c3:b7:99:14:65:73:d6:d8:0e:80:d7:be:50:7e:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\livekd\Exe\Release\livekd.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetSystemInfo
FreeLibrary
LoadLibraryW
DeviceIoControl
WriteFile
GetModuleFileNameA
GetVersionExA
IsProcessorFeaturePresent
WaitForSingleObject
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
GetFileAttributesA
SetEndOfFile
SetFilePointerEx
GetSystemDirectoryA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentDirectoryA
SetFileAttributesA
SetCurrentDirectoryA
GetEnvironmentStrings
GetStartupInfoA
SetConsoleCtrlHandler
GetEnvironmentVariableW
GetWindowsDirectoryA
GetFullPathNameA
GlobalMemoryStatusEx
HeapSize
GetTimeZoneInformation
GetProcessHeap
ReadFile
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
DeleteFileA
TerminateProcess
MultiByteToWideChar
FormatMessageA
GetCommandLineW
LoadLibraryA
LocalAlloc
GetModuleHandleA
LocalFree
GetProcAddress
SetLastError
CreateFileA
FindResourceA
LoadResource
CompareStringW
SizeofResource
LockResource
GetCurrentProcess
GetLastError
CloseHandle
GetLocaleInfoW
CompareStringA
SearchPathA
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
LCMapStringA
LCMapStringW
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
GetStdHandle
SetHandleCount
GetFileType
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeFormatA

user32

DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegSetValueExA
RegOpenKeyA
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/logonsessions.exe
.exe windows:5 windows x86 arch:x86

26752a7e5bac44f6a48daade8c725c7d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9f:77:30:15:d7:f8:46:d6:6a:18:9d:1e:1c:0d:97:5a:1a:81:37:d8
Signer

Actual PE Digest

9f:77:30:15:d7:f8:46:d6:6a:18:9d:1e:1c:0d:97:5a:1a:81:37:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\Logonsessions\Release\logonsessions.pdb

Imports

secur32

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData

kernel32

DeviceIoControl
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
InterlockedDecrement
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemDirectoryW
InterlockedIncrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
ReadFile
GetProcessHeap
SetEndOfFile
CreateFileA
HeapSize
GetCommandLineW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
SetLastError
GetProcAddress
FindResourceW
CreateFileW
LoadResource
SizeofResource
LockResource
GetCurrentProcess
GetLastError
CloseHandle
lstrlenW
GetLocaleInfoA
EnumSystemLocalesA
TerminateProcess
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
IsValidLocale
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
RaiseException
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary

user32

EndDialog
SetWindowTextW
GetSysColorBrush
SetCursor
InflateRect
SendMessageW
GetDlgItem
DialogBoxIndirectParamW
LoadCursorW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

GetTokenInformation
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidW

oleaut32

CreateErrorInfo
SystemTimeToVariantTime
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysStringLen
SysAllocString
GetErrorInfo
SetErrorInfo

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/movefile.exe
.exe windows:4 windows x86 arch:x86

00b6ca1f234c6bdbcfbff0daf0a566f2

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:8e:6d:22:ff:f3:66:4f:d2:3f:f7:83:0f:94:54:da:8a:cf:ef:19
Signer

Actual PE Digest

f0:8e:6d:22:ff:f3:66:4f:d2:3f:f7:83:0f:94:54:da:8a:cf:ef:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
FlushFileBuffers
MultiByteToWideChar
LocalAlloc
GetACP
GetModuleHandleA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
GetCPInfo
SetFilePointer
LoadLibraryA
LocalFree
MoveFileExA
GetOEMCP
GetLastError
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
CloseHandle

user32

DialogBoxIndirectParamA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA

gdi32

EndDoc
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/ntfsinfo.exe
.exe windows:4 windows x86 arch:x86

ad192e4578fb7d605b78b24eb33204a7

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:7b:93:1e:28:f9:a2:73:dc:5b:89:59:c3:02:b2:6a:b9:53:89:ce
Signer

Actual PE Digest

48:7b:93:1e:28:f9:a2:73:dc:5b:89:59:c3:02:b2:6a:b9:53:89:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
printf
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
wcslen
wcscpy
free
malloc
exit
sprintf

kernel32

LocalAlloc
LoadLibraryA
GetModuleHandleA
CreateFileA
GetLastError
CloseHandle
FindFirstFileA
FindClose
FormatMessageA
LocalFree
GetProcAddress

user32

LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA
DialogBoxIndirectParamA

gdi32

StartDocA
StartPage
EndDoc
GetDeviceCaps
SetMapMode
EndPage

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

comdlg32

PrintDlgA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/pagedfrg.exe
.exe windows:4 windows x86 arch:x86

bd450e46d8e9a796db50878d454ea94a

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

21:c6:2d:44:65:d6:c5:c9:b3:b6:44:70:1c:8a:a3:6d:64:53:58:da
Signer

Actual PE Digest

21:c6:2d:44:65:d6:c5:c9:b3:b6:44:70:1c:8a:a3:6d:64:53:58:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
CreateEventA
GetVersion
LocalFree
LoadLibraryA
LocalAlloc
LCMapStringA
GetStringTypeW
GetStringTypeA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
GetFileType
DeleteFileA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
WriteFile
ExitProcess
GetStartupInfoA
HeapAlloc
LCMapStringW
HeapFree
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
OpenProcess
GetCommandLineA
DeviceIoControl
DuplicateHandle
CreateThread
TerminateThread
SetEvent
WaitForSingleObject
GetDriveTypeA
GetProcAddress
GetModuleHandleA
SetLastError
CreateFileA
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentProcess
GetLastError
GetStdHandle
CloseHandle

user32

EndDialog
SendMessageA
SetWindowTextA
DialogBoxIndirectParamA
LoadIconA
RegisterClassExA
CreateDialogParamA
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
IsDlgButtonChecked
GetDlgItemTextA
WinHelpA
GetDlgItem
EnableWindow
SendDlgItemMessageA
InflateRect
CheckDlgButton
SetDlgItemTextA
LoadCursorA
GetWindowRect
GetClientRect
CreateWindowExA
SetWindowPos
ShowWindow
PostQuitMessage
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
DefWindowProcA
PostMessageA
MessageBoxA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetStockObject
GetObjectA
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
GetDeviceCaps

comctl32

ord17

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegCreateKeyA

shell32

ShellExecuteA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/pagedfrg.hlp
Windows Sysinternals Suite 2011.02.23/pdh.dll
.dll windows:5 windows x86 arch:x86

63db478edeb55ea635f2a1b63cbe23b6

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:17:f5:37:fa:ba:03:4c:13:b6:4c:c0:5e:42:a6:5f:32:6e:69:c7
Signer

Actual PE Digest

c6:17:f5:37:fa:ba:03:4c:13:b6:4c:c0:5e:42:a6:5f:32:6e:69:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

mbstowcs
??2@YAPAXI@Z
??3@YAXPAX@Z
atof
atol
_ultoa
_wfopen
sprintf
rewind
fclose
fgets
_wsplitpath
wcsncmp
strstr
wcstol
swprintf
_ultow
wcsncpy
_CIpow
wcstoul
_ltoa
_ftol
floor
_except_handler3
setlocale
wcstombs
_ltow

kernel32

SetErrorMode
InterlockedIncrement
CreateThread
CreateMutexW
GetExitCodeThread
WaitForMultipleObjects
LockFile
SetEndOfFile
FlushViewOfFile
UnlockFile
WriteFile
lstrcpyA
GetWindowsDirectoryA
HeapFree
HeapAlloc
SetLastError
lstrlenW
lstrcpyW
lstrcmpW
lstrcatW
HeapReAlloc
lstrcmpiW
GetLastError
ReleaseMutex
lstrlenA
WaitForSingleObject
lstrcatA
HeapSize
FileTimeToLocalFileTime
SystemTimeToFileTime
GetUserDefaultLangID
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
CreateMutexA
CloseHandle
Sleep
FlushFileBuffers
InterlockedDecrement
SetEvent
CreateEventW
HeapDestroy
GetProcessHeap
HeapCreate
GetComputerNameW
DisableThreadLibraryCalls
GetVersionExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
lstrcmpiA
GetFileSize
GetCurrentProcessId
lstrcpynW
lstrcmpA
lstrcpynA
ReadFile
SetFilePointer
FileTimeToSystemTime
SearchPathW

advapi32

CloseServiceHandle
RegCloseKey
ControlService
RegQueryValueExA
OpenSCManagerW
OpenServiceW
StartServiceA
RegQueryInfoKeyA
DeregisterEventSource
RegisterEventSourceW
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW

comdlg32

GetOpenFileNameW

user32

SetWindowTextW
SetWindowTextA
SetCursor
SendDlgItemMessageW
SetWindowLongW
SendMessageA
GetWindowLongW
LoadCursorA
SetFocus
MessageBoxW
MessageBeep
CheckRadioButton
GetDlgItemTextW
ReleaseDC
GetDC
IsDlgButtonChecked
ShowWindow
IsWindowEnabled
CreateDialogParamW
DialogBoxParamW
SetWindowPos
GetWindowRect
GetParent
PostMessageW
SendMessageW
EndDialog
GetDlgCtrlID
GetDlgItem
EnableWindow
WinHelpA
LoadStringW
GetWindowTextW
GetFocus

ole32

CoInitializeEx
CoGetInterfaceAndReleaseStream
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitializeSecurity
CoCreateInstance

gdi32

GetTextExtentPoint32W

oleaut32

SafeArrayDestroy
SysFreeString
VariantClear
SafeArrayGetElement
SysAllocString
SafeArrayGetUBound
VariantInit
SafeArrayGetLBound

Exports

Exports

PdhAddCounterA
PdhAddCounterW
PdhBrowseCountersA
PdhBrowseCountersW
PdhCalculateCounterFromRawValue
PdhCloseLog
PdhCloseQuery
PdhCollectQueryData
PdhCollectQueryDataEx
PdhComputeCounterStatistics
PdhConnectMachineA
PdhConnectMachineW
PdhEnumMachinesA
PdhEnumMachinesW
PdhEnumObjectItemsA
PdhEnumObjectItemsW
PdhEnumObjectsA
PdhEnumObjectsW
PdhExpandCounterPathA
PdhExpandCounterPathW
PdhExpandWildCardPathA
PdhExpandWildCardPathW
PdhFormatFromRawValue
PdhGetCounterInfoA
PdhGetCounterInfoW
PdhGetCounterTimeBase
PdhGetDataSourceTimeRangeA
PdhGetDataSourceTimeRangeW
PdhGetDefaultPerfCounterA
PdhGetDefaultPerfCounterW
PdhGetDefaultPerfObjectA
PdhGetDefaultPerfObjectW
PdhGetDllVersion
PdhGetFormattedCounterArrayA
PdhGetFormattedCounterArrayW
PdhGetFormattedCounterValue
PdhGetLogFileSize
PdhGetRawCounterArrayA
PdhGetRawCounterArrayW
PdhGetRawCounterValue
PdhIsRealTimeQuery
PdhLogServiceCommandA
PdhLogServiceCommandW
PdhLogServiceControlA
PdhLogServiceControlW
PdhLookupPerfIndexByNameA
PdhLookupPerfIndexByNameW
PdhLookupPerfNameByIndexA
PdhLookupPerfNameByIndexW
PdhMakeCounterPathA
PdhMakeCounterPathW
PdhOpenLogA
PdhOpenLogW
PdhOpenQuery
PdhOpenQueryA
PdhOpenQueryW
PdhParseCounterPathA
PdhParseCounterPathW
PdhParseInstanceNameA
PdhParseInstanceNameW
PdhReadRawLogRecord
PdhRemoveCounter
PdhSelectDataSourceA
PdhSelectDataSourceW
PdhSetCounterScaleFactor
PdhSetDefaultRealTimeDataSource
PdhSetQueryTimeRange
PdhUpdateLogA
PdhUpdateLogFileCatalog
PdhUpdateLogW
PdhValidatePathA
PdhValidatePathW
PdhVbAddCounter
PdhVbCreateCounterPathList
PdhVbGetCounterPathElements
PdhVbGetCounterPathFromList
PdhVbGetDoubleCounterValue
PdhVbGetLogFileSize
PdhVbGetOneCounterPath
PdhVbIsGoodStatus
PdhVbOpenLog
PdhVbOpenQuery
PdhVbUpdateLog

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/pendmoves.exe
.exe windows:4 windows x86 arch:x86

5a91fba10cbf977c4bc79b6c310ba433

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

53:ae:e5:b1:43:01:f0:0b:78:d8:5f:1e:10:a8:f7:b4:77:f6:8b:da
Signer

Actual PE Digest

53:ae:e5:b1:43:01:f0:0b:78:d8:5f:1e:10:a8:f7:b4:77:f6:8b:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
GetTimeFormatA
GetProcAddress
GetOEMCP
GetACP
GetModuleHandleA
LocalAlloc
LoadLibraryA
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
GetDateFormatA
GetCPInfo
SetFilePointer
GetFileAttributesA
GetLastError
FormatMessageA
GetStdHandle
WriteFile
LocalFree
FlushFileBuffers
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
CloseHandle

user32

DialogBoxIndirectParamA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/pipelist.exe
.exe windows:4 windows x86 arch:x86

266fbb448c826115d3a974ad4a7e81a4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:ef:e6:66:a8:23:7c:bd:22:8f:cf:15:97:41:2c:d7:10:55:12:9e
Signer

Actual PE Digest

30:ef:e6:66:a8:23:7c:bd:22:8f:cf:15:97:41:2c:d7:10:55:12:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
SetStdHandle
FlushFileBuffers
LCMapStringW
CreateFileA
GetCPInfo
SetFilePointer
MultiByteToWideChar
GetStringTypeA
LocalAlloc
LoadLibraryA
GetModuleHandleA
GetOEMCP
GetProcAddress
WriteFile
RtlUnwind
GetLastError
CloseHandle
FormatMessageA
GetACP
LocalFree
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetStringTypeW

user32

DialogBoxIndirectParamA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Windows Sysinternals Suite 2011.02.23/portmon.exe
.exe windows:4 windows x86 arch:x86

318b0ededb6f2e0a03cd54fdae35e0d9

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

bf:b7:b3:e5:68:3d:49:32:9f:e8:91:c4:80:38:3c:06:08:e1:3f:85
Signer

Actual PE Digest

bf:b7:b3:e5:68:3d:49:32:9f:e8:91:c4:80:38:3c:06:08:e1:3f:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

ws2_32

inet_ntoa
closesocket
ioctlsocket
WSAGetLastError
accept
inet_addr
gethostbyaddr
connect
WSAStartup
socket
gethostbyname
htonl
htons
bind
getsockname
listen

comctl32

CreateToolbarEx
ord17

kernel32

EnterCriticalSection
LockResource
SizeofResource
LoadResource
FindResourceA
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrlenA
GetTimeFormatA
DosDateTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcatA
HeapFree
lstrcpyA
HeapAlloc
GetProcessHeap
WriteFileEx
CopyFileA
GetCurrentThreadId
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryA
QueueUserAPC
SleepEx
GlobalMemoryStatus
FindClose
SearchPathA
FindFirstFileA
InitializeCriticalSection
GetFullPathNameA
GetCommandLineA
GetVersion
LeaveCriticalSection
GetModuleHandleA
InterlockedDecrement
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsAlloc
ExitProcess
GetStartupInfoA
ExitThread
TlsSetValue
CreateThread
ResumeThread
FormatMessageA
LocalFree
DeleteFileA
GetCurrentDirectoryA
GetComputerNameA
TerminateThread
SetEvent
CreateEventA
WaitForMultipleObjects
OutputDebugStringA
DeviceIoControl
QueryPerformanceFrequency
WriteFile
ResetEvent
ReadFile
WaitForSingleObject
GetOverlappedResult
CreateFileA
CloseHandle
GetTickCount
GetLastError
SetLastError
InterlockedIncrement
SetStdHandle
LCMapStringA
LCMapStringW
SetEndOfFile
LocalAlloc

user32

EnumWindows
LoadAcceleratorsA
TranslateAcceleratorA
IsWindow
GetWindowTextA
UpdateWindow
RegisterClassA
LoadBitmapA
LoadStringA
WinHelpA
SetWindowPos
KillTimer
SendDlgItemMessageA
AttachThreadInput
AppendMenuA
DeleteMenu
DestroyMenu
GetMenu
EnableMenuItem
RemoveMenu
CreatePopupMenu
InsertMenuA
GetSubMenu
EnumDesktopWindows
SetCapture
SetWindowLongA
GetCursorPos
wsprintfA
EndDialog
SendMessageA
GetDlgItem
MessageBoxA
SetDlgItemTextA
GetClientRect
CreateWindowExA
CallWindowProcA
GetSysColor
DrawFocusRect
SetCursor
OemToCharA
GetWindowRect
IsIconic
IsZoomed
InvalidateRgn
SetForegroundWindow
RegisterWindowMessageA
CheckRadioButton
SetFocus
InflateRect
GetSysColorBrush
SetMenuItemBitmaps
DialogBoxIndirectParamA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
DrawTextA
GetSystemMetrics
MoveWindow
ClientToScreen
ScreenToClient
PostMessageA
DestroyWindow
GetDC
GetMenuCheckMarkDimensions
ReleaseDC
SetWindowTextA
DialogBoxParamA
CheckMenuItem
InvalidateRect
CheckDlgButton
GetDlgItemTextA
IsDlgButtonChecked
LoadIconA
LoadCursorA
RegisterClassExA
CreateDialogParamA
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetTimer
PostQuitMessage
DefWindowProcA
ReleaseCapture

gdi32

CreateFontIndirectA
GetObjectA
SetBkColor
GetStockObject
SetAbortProc
GetTextExtentPoint32A
ExtTextOutA
DeleteObject
CreateSolidBrush
CreateCompatibleBitmap
SetMapMode
StartDocA
GetDeviceCaps
CreateFontA
GetTextMetricsA
GetTextExtentPointA
StartPage
TextOutA
EndPage
AbortDoc
EndDoc
SetTextColor
SetBkMode
SelectObject
StretchBlt
DeleteDC
CreateCompatibleDC

comdlg32

PrintDlgA
ChooseColorA
FindTextA
ChooseFontA
GetSaveFileNameA

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteExA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/procdump.exe
.exe windows:5 windows x86 arch:x86

3661111abf7ea2956b8d72d6f8ec66d1

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

35:ff:23:1d:6a:b6:84:d8:ca:0c:9f:34:44:39:c4:f3:74:af:d4:32
Signer

Actual PE Digest

35:ff:23:1d:6a:b6:84:d8:ca:0c:9f:34:44:39:c4:f3:74:af:d4:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\procdump\Release\procdump.pdb

Imports

kernel32

WaitForSingleObject
SetEvent
OpenProcess
Sleep
SizeofResource
FormatMessageW
GetExitCodeProcess
GetTimeFormatW
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
CreateFileW
InterlockedExchange
GetLastError
GetCurrentDirectoryW
Process32FirstW
OpenThread
GetProcessId
SetConsoleCtrlHandler
LockResource
CreateEventW
GetSystemInfo
WaitForMultipleObjects
Process32NextW
GetCurrentProcess
CreateToolhelp32Snapshot
WaitForDebugEvent
CloseHandle
DeleteFileW
GetSystemTime
ExpandEnvironmentStringsW
VirtualQueryEx
ReadProcessMemory
CreateFileA
ReadFile
GetProcessHeap
SetEndOfFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
SystemTimeToTzSpecificLocalTime
CreateProcessW
LoadResource
FindResourceW
DebugActiveProcessStop
GetDateFormatW
GetThreadContext
GetFullPathNameW
DebugActiveProcess
lstrcpyW
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetCommandLineW
IsBadStringPtrW
lstrlenW
ContinueDebugEvent
SetFilePointer
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
ExitThread
ResumeThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
RaiseException
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringW
RtlUnwind
HeapSize
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA

user32

SetWindowTextW
SendMessageW
GetSysColorBrush
EndDialog
IsHungAppWindow
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
wsprintfW
SetCursor
DialogBoxIndirectParamW
LoadCursorW
InflateRect
GetDlgItem

gdi32

StartPage
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
EndPage

comdlg32

PrintDlgW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
OpenProcessToken
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

pdh

PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/procexp.chm
.chm
Windows Sysinternals Suite 2011.02.23/procexp.exe
.exe windows:5 windows x86 arch:x86

db50c83adc72091528a9c4feeadb78c7

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:dd:7d:b5:f8:04:cc:46:62:90:89:55:bc:07:2d:bf:04:79:9c:62
Signer

Actual PE Digest

10:dd:7d:b5:f8:04:cc:46:62:90:89:55:bc:07:2d:bf:04:79:9c:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\ProcExp\exe\Release\procexp.pdb

Imports

ws2_32

htonl
getservbyport
htons
ntohs
ntohl
WSAStartup
gethostbyaddr

mpr

WNetGetConnectionA

comctl32

CreateToolbarEx
CreatePropertySheetPageA
ord6
PropertySheetA
ord17
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_Destroy
InitCommonControlsEx

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

CreateFileA
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
CreateEventA
OpenEventA
GetTickCount
lstrcatA
HeapFree
lstrcpyA
HeapAlloc
GetProcessHeap
ReadProcessMemory
GetDateFormatA
lstrcmpA
lstrcmpiA
GetEnvironmentVariableA
MulDiv
CreateProcessA
ExpandEnvironmentStringsA
SearchPathA
GetFileAttributesA
GetNumberFormatA
lstrcpynA
GetSystemDirectoryA
GetProcessAffinityMask
Sleep
SetThreadAffinityMask
GetCurrentThread
DeleteFileA
GetCommandLineA
VirtualQueryEx
OpenProcess
SetFilePointer
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
ResetEvent
LoadLibraryW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
PulseEvent
GlobalMemoryStatus
WaitForMultipleObjects
SetErrorMode
GetCurrentProcessId
TerminateProcess
SetPriorityClass
FindClose
FindFirstFileA
FindResourceA
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalReAlloc
SetProcessWorkingSetSize
GetLocaleInfoA
FormatMessageA
OutputDebugStringA
DeviceIoControl
GetDriveTypeA
GetCurrentDirectoryA
GetFileTime
GetExitCodeThread
DuplicateHandle
VirtualFree
VirtualAlloc
GetThreadContext
GetProcessWorkingSetSize
GetPriorityClass
MultiByteToWideChar
GlobalAddAtomA
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
FatalAppExitA
HeapDestroy
HeapCreate
GetStartupInfoA
ResumeThread
CreateThread
GetCurrentThreadId
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
lstrlenW
RaiseException
InterlockedExchange
LoadResource
SizeofResource
LockResource
GetCurrentProcess
IsBadStringPtrA
lstrlenA
InitializeCriticalSection
GetSystemTimeAsFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetModuleHandleA
SetConsoleCtrlHandler
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WaitForSingleObject
TerminateThread
WideCharToMultiByte
CreateToolhelp32Snapshot
Module32First
CloseHandle
Module32Next
GetVersion
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
LocalFree
LocalAlloc
GetModuleFileNameA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount

user32

TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RedrawWindow
ExitWindowsEx
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DrawMenuBar
RemoveMenu
CreateMenu
RegisterWindowMessageA
GetDlgCtrlID
SendMessageTimeoutA
GetWindow
GetUserObjectSecurity
SetUserObjectSecurity
GetKeyState
CheckRadioButton
MsgWaitForMultipleObjects
PeekMessageA
ScrollWindowEx
SetScrollInfo
GetScrollInfo
IntersectRect
GetUpdateRgn
GetClassLongA
DrawIconEx
LoadMenuA
InsertMenuA
TrackPopupMenu
GetCapture
SetCapture
DrawEdge
wsprintfA
TranslateMessage
ShowWindowAsync
SetForegroundWindow
GetDesktopWindow
FindWindowExA
IsIconic
GetWindowDC
SetMenuItemInfoA
SetClassLongA
FillRect
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
DeleteMenu
EnableWindow
CheckDlgButton
IsDlgButtonChecked
GetWindowPlacement
ModifyMenuA
CreatePopupMenu
TrackPopupMenuEx
AppendMenuA
GetMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
DestroyIcon
FrameRect
GetDoubleClickTime
InvalidateRgn
MessageBoxA
SetFocus
SetTimer
WindowFromPoint
LoadStringA
LoadIconA
LoadImageA
IsDialogMessageA
DispatchMessageA
CreateDialogParamA
ReleaseCapture
GetDlgItemTextA
CheckMenuRadioItem
CheckMenuItem
GetMenuCheckMarkDimensions
PostQuitMessage
RegisterClassExA
RegisterClassA
FindWindowA
SetWindowPlacement
UpdateWindow
DialogBoxIndirectParamA
SetWindowTextA
InflateRect
DefDlgProcA
DefFrameProcA
DefMDIChildProcA
ClientToScreen
SystemParametersInfoA
CreateIconIndirect
MapWindowPoints
DestroyWindow
CreateWindowExA
IsWindowVisible
GetFocus
DrawTextA
GetDC
ReleaseDC
GetCursorPos
SetWindowPos
PostMessageA
SendMessageA
ShowWindow
IsZoomed
PtInRect
BeginPaint
EndPaint
DrawFrameControl
CallWindowProcA
CopyRect
SetWindowLongA
SetPropA
GetPropA
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
GetClientRect
GetSystemMetrics
OffsetRect
UnionRect
GetParent
GetClassNameA
GetWindowLongA
DeferWindowPos
ScreenToClient
DefWindowProcA
DialogBoxParamA
EndDialog
GetDlgItem
GetWindowRect
MoveWindow
SetDlgItemTextA
LoadCursorA
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
KillTimer

gdi32

GetObjectA
CreateFontIndirectA
Ellipse
CreateCompatibleBitmap
LineTo
MoveToEx
GetTextMetricsA
Polyline
GetBkColor
SelectClipRgn
CreateRectRgnIndirect
RectInRegion
CreateRectRgn
SaveDC
SetROP2
CreatePen
Rectangle
SetTextAlign
SetBkMode
SetTextColor
SelectObject
ExtTextOutA
GetTextExtentPoint32A
CreateSolidBrush
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc
SetBkColor
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetStockObject
RestoreDC

comdlg32

ChooseFontA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
FindTextA
PrintDlgA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
VariantInit
VariantChangeType
SafeArrayGetElement
SafeArrayDestroy
SysStringLen
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysAllocString
SafeArrayUnaccessData
GetErrorInfo
SetErrorInfo
CreateErrorInfo

Sections

.text
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/procmon.chm
.chm
Windows Sysinternals Suite 2011.02.23/psfile.exe
.exe windows:4 windows x86 arch:x86

bcaee2d1f3ce48e6df654e8fc92f6e46

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

bb:e6:1e:63:56:9a:4b:f9:b0:6a:88:88:03:9b:c2:3e:b9:a2:1f:bd
Signer

Actual PE Digest

bb:e6:1e:63:56:9a:4b:f9:b0:6a:88:88:03:9b:c2:3e:b9:a2:1f:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

NetFileGetInfo
NetFileEnum
NetFileClose

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

SetLastError
Sleep
GetTickCount
CloseHandle
FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExW
GetComputerNameW
GetLastError
GetLocaleInfoA
MultiByteToWideChar
GetCurrentProcess
GetVersion
GetModuleFileNameW
LCMapStringW
LCMapStringA
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
FreeEnvironmentStringsW
GetEnvironmentStrings
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
ReadFile
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetProcAddress
GetModuleHandleA
ExitProcess
GetVersionExA
GetProcessHeap
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
RtlUnwind
CreateFileA
FlushFileBuffers
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA

user32

SetCursor
LoadCursorW
SendMessageW
SetWindowTextW
EndDialog
GetSysColorBrush
InflateRect
GetDlgItem
DialogBoxIndirectParamW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/pskill.exe
.exe windows:5 windows x86 arch:x86

581bbb78c43ca05f50cb74db6ef4e6aa

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/01/2009, 01:58

Not After

20/03/2010, 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:bd:3d:fc:16:a1:85:2e:49:da:96:f4:ee:ff:8c:58:8f:9a:50:8b
Signer

Actual PE Digest

11:bd:3d:fc:16:a1:85:2e:49:da:96:f4:ee:ff:8c:58:8f:9a:50:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\pskill\EXE\Release\pskill.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExA
LockResource
SizeofResource
LoadResource
FindResourceA
DeleteFileA
GetSystemDirectoryA
GetComputerNameA
WaitForSingleObject
GetCurrentProcess
WideCharToMultiByte
GetVersion
CreateFileA
SetEvent
ConnectNamedPipe
ReadFile
GetFullPathNameA
GetCommandLineA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
GetTickCount
Sleep
SetLastError
GetCommandLineW
LocalAlloc
LocalFree
LoadLibraryA
GetLastError
OpenProcess
TerminateProcess
CloseHandle
GetModuleHandleA
GetProcAddress
EnumSystemLocalesA
IsValidLocale
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
SetEnvironmentVariableA
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetModuleFileNameA
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetModuleHandleW
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
FatalAppExitA
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
RtlUnwind
FlushFileBuffers
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

LoadCursorA
SetCursor
SetWindowTextA
SendMessageA
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
InflateRect

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RevertToSelf
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
ImpersonateLoggedOnUser
RegConnectRegistryA
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/psloglist.exe
.exe windows:5 windows x86 arch:x86

fdd454d119a63499b070a81a331060e5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

23:03:07:18:57:c3:a6:45:e3:ce:a5:2a:d0:39:d2:6a:ba:c0:18:33
Signer

Actual PE Digest

23:03:07:18:57:c3:a6:45:e3:ce:a5:2a:d0:39:d2:6a:ba:c0:18:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\psloglist\Release\psloglist.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

GetCommandLineW
GetProcAddress
SetLastError
Sleep
GetTickCount
CloseHandle
CreateFileA
FreeLibrary
WriteFile
GetStdHandle
GetConsoleScreenBufferInfo
LockResource
SizeofResource
LoadResource
FindResourceA
LoadLibraryA
WideCharToMultiByte
GetModuleFileNameA
SetEvent
ConnectNamedPipe
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
GetVersion
GetComputerNameA
CreateEventA
SystemTimeToFileTime
FindFirstFileA
GetSystemTimeAsFileTime
FindClose
GetLastError
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
FormatMessageA
LocalAlloc
LocalFree
FileTimeToLocalFileTime
CompareFileTime
LoadLibraryExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetSystemDirectoryA
IsValidLocale
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
HeapSize
GetLocaleInfoW
ReadFile
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
DeleteFileA
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetModuleHandleW
ExitProcess
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA

user32

LoadCursorA
SetCursor
SetWindowTextA
SendMessageA
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
InflateRect

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegCreateKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
ImpersonateLoggedOnUser
RegConnectRegistryA
RevertToSelf
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
RegSetValueExA
OpenBackupEventLogA
OpenEventLogA
BackupEventLogA
CloseEventLog
NotifyChangeEventLog
ReadEventLogA
LookupAccountSidA
RegEnumKeyA
ClearEventLogA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/pspasswd.exe
.exe windows:4 windows x86 arch:x86

b901a4e8c09cd7a9b7cb7d2daa286ce5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

53:5c:e0:18:cf:e6:31:cd:87:8e:17:96:b2:29:df:eb:0f:4f:bd:68
Signer

Actual PE Digest

53:5c:e0:18:cf:e6:31:cd:87:8e:17:96:b2:29:df:eb:0f:4f:bd:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetServerEnum
NetUserSetInfo
NetUserGetInfo

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

Sleep
GetTickCount
CloseHandle
CreateFileW
FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExW
GetComputerNameW
SetLastError
GetLocaleInfoA
GetVersion
GetModuleFileNameW
GetFullPathNameW
GetCommandLineW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetLastError
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
MultiByteToWideChar
GetCommandLineA
GetEnvironmentStringsW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
SetEndOfFile
ReadFile
GetCurrentProcess
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetProcAddress
GetModuleHandleA
ExitProcess
GetVersionExA
GetProcessHeap
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
RtlUnwind
CreateFileA
FlushFileBuffers
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

LoadCursorW
SetCursor
InflateRect
SetWindowTextW
EndDialog
GetSysColorBrush
SendMessageW
DialogBoxIndirectParamW
GetDlgItem

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/psshutdown.exe
.exe windows:4 windows x86 arch:x86

02069cdeb9ebc09da43e4d2cd0d07e53

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:ec:9b:c0:6a:85:05:30:07:0b:d5:6b:7a:e5:d2:7a:bb:ba:65:e2
Signer

Actual PE Digest

6a:ec:9b:c0:6a:85:05:30:07:0b:d5:6b:7a:e5:d2:7a:bb:ba:65:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

gethostbyname
gethostname
WSAStartup
inet_ntoa

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

CreateFileA
FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExA
LockResource
SizeofResource
LoadResource
FindResourceA
DeleteFileA
GetSystemDirectoryA
GetComputerNameA
TerminateThread
WaitForSingleObject
GetCurrentProcess
WideCharToMultiByte
CloseHandle
GetModuleHandleA
ReadFile
GetLocalTime
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount
Sleep
SetLastError
GetLastError
LocalAlloc
GetVersion
LocalFree
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryA
GetProcAddress
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
SetEndOfFile
GetModuleFileNameA
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitProcess
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
MultiByteToWideChar
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
RtlUnwind
FlushFileBuffers
InitializeCriticalSection

user32

EndDialog
SetWindowTextA
LoadCursorA
SetCursor
GetSysColorBrush
SendMessageA
ExitWindowsEx
GetDlgItem
DialogBoxIndirectParamA
InflateRect

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

LookupPrivilegeValueA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
AdjustTokenPrivileges
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/pssuspend.exe
.exe windows:4 windows x86 arch:x86

ce3946baee4ca946ca42e16c1c6defea

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:e0:f1:bb:dd:17:25:4d:e9:cb:77:18:c7:f3:b5:b1:5a:f1:49:b7
Signer

Actual PE Digest

6a:e0:f1:bb:dd:17:25:4d:e9:cb:77:18:c7:f3:b5:b1:5a:f1:49:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
inet_ntoa
WSAStartup
gethostname

mpr

WNetAddConnection2A
WNetCancelConnection2A

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

LoadLibraryA
LocalAlloc
SetLastError
GetTickCount
CreateFileA
FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExA
LockResource
SizeofResource
LoadResource
FindResourceA
DeleteFileA
GetSystemDirectoryA
GetComputerNameA
TerminateThread
LocalFree
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
ReadFile
GetFullPathNameA
GetCommandLineA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
Sleep
OpenProcess
GetLastError
GetVersion
CloseHandle
WaitForSingleObject
GetModuleHandleA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
SetEndOfFile
WideCharToMultiByte
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitProcess
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
RtlUnwind
FlushFileBuffers
InitializeCriticalSection
FreeEnvironmentStringsA

user32

EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

DeleteService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/psversion.txt
Windows Sysinternals Suite 2011.02.23/readme.txt
Windows Sysinternals Suite 2011.02.23/regjump.exe
.exe windows:4 windows x86 arch:x86

2d50cddb751176a0626607a64334a6c0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ff:a0:a3:77:18:14:36:28:1f:4e:63:83:56:13:d0:dd:70:58:b7:f1
Signer

Actual PE Digest

ff:a0:a3:77:18:14:36:28:1f:4e:63:83:56:13:d0:dd:70:58:b7:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteExA

kernel32

FlushFileBuffers
SetFilePointer
GetLastError
GetStringTypeW
GetStringTypeA
WriteFile
GetCPInfo
LoadLibraryA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
RtlUnwind
LocalAlloc
HeapReAlloc
VirtualAlloc
LocalFree
OpenProcess
Sleep
SetStdHandle
GetEnvironmentStringsW
CloseHandle
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree

user32

LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
DialogBoxIndirectParamA
EnumDisplaySettingsA
FindWindowA
WaitForInputIdle
GetWindowThreadProcessId
ShowWindow
SetForegroundWindow
FindWindowExA
SetFocus
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/sdelete.exe
.exe windows:4 windows x86 arch:x86

f8dd17cd22c15cf622ea86852c467c6b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:8d:e9:a2:1b:20:47:da:a7:65:64:4b:ab:8d:fe:a6:4b:91:09:38
Signer

Actual PE Digest

3f:8d:e9:a2:1b:20:47:da:a7:65:64:4b:ab:8d:fe:a6:4b:91:09:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
DeviceIoControl
ExpandEnvironmentStringsA
GetProcAddress
GetModuleHandleA
GetVersion
GetCurrentDirectoryA
GetFullPathNameA
WaitForSingleObject
WriteFile
CompareStringW
CompareStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
CreateFileA
GetLastError
CloseHandle
DeleteFileA
VirtualAlloc
LoadLibraryA
SetFilePointer
SetEnvironmentVariableA
GetModuleFileNameA
VirtualFree
MoveFileA
FormatMessageA
LocalAlloc
LocalFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
HeapReAlloc
UnhandledExceptionFilter

user32

GetSysColorBrush
LoadCursorA
SetCursor
InflateRect
GetDlgItem
SendMessageA
EndDialog
SetWindowTextA
DialogBoxIndirectParamA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/sigcheck.exe
.exe windows:5 windows x86 arch:x86

451980ac60bb68035f963ec11e5106e3

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f9:33:c8:af:e5:6c:c7:1b:6e:cb:65:79:68:f2:1a:83:b3:4e:8d:3b
Signer

Actual PE Digest

f9:33:c8:af:e5:6c:c7:1b:6e:cb:65:79:68:f2:1a:83:b3:4e:8d:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\sigcheck\Release\sigcheck.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

FreeLibrary
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileInformationByHandle
CreateFileW
ReadFile
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
GetModuleFileNameW
InterlockedDecrement
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetLastError
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
GetFileSize
CloseHandle
UnmapViewOfFile
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
SetEnvironmentVariableA
GetProcessHeap
lstrlenW
FormatMessageW
EnterCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
HeapAlloc
HeapFree
GetModuleHandleA
LeaveCriticalSection
RtlUnwind
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
RaiseException
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryA
SetFilePointer
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID

user32

SetWindowTextW
SetCursor
InflateRect
SendMessageW
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamW
LoadCursorW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
CryptAcquireContextW

oleaut32

SysFreeString
SysAllocString
VariantChangeType
GetErrorInfo
VariantInit
SetErrorInfo
CreateErrorInfo
VariantClear

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/streams.exe
.exe windows:4 windows x86 arch:x86

e068200622901cf23a22e2b77cfb548c

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:d3:cc:fd:d1:aa:0e:8c:59:58:04:20:58:80:09:5b:b8:ed:45:c5
Signer

Actual PE Digest

6c:d3:cc:fd:d1:aa:0e:8c:59:58:04:20:58:80:09:5b:b8:ed:45:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapSize
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
CreateFileW
FindClose
CloseHandle
DeleteFileW
GetCurrentProcess
GetLastError
FormatMessageW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
ExitProcess
GetVersionExA
GetProcessHeap
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
LoadLibraryA
InitializeCriticalSection
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

DialogBoxIndirectParamW
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextW
LoadCursorW
SetCursor
InflateRect
SendMessageW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
OpenProcessToken

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/strings.exe
.exe windows:5 windows x86 arch:x86

62cbe6407326d5453381bb4b4cb15c89

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/01/2009, 01:58

Not After

20/03/2010, 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fb:2c:d8:24:dd:14:23:7d:6c:cb:ad:7a:74:f9:98:57:36:eb:e3:a3
Signer

Actual PE Digest

fb:2c:d8:24:dd:14:23:7d:6c:cb:ad:7a:74:f9:98:57:36:eb:e3:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\strings\Release\strings.pdb

Imports

kernel32

FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
GetFullPathNameA
CompareStringW
CompareStringA
FindClose
HeapSize
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InterlockedExchange
CreateFileA
GetLastError
ReadFile
SetFilePointer
CloseHandle
FormatMessageA
GetCurrentProcess
GetCommandLineW
GetProcAddress
LocalAlloc
LoadLibraryA
LocalFree
GetLocaleInfoW
GetModuleHandleA
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetConsoleCtrlHandler
FreeLibrary
SetEnvironmentVariableA

user32

DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/sync.exe
.exe windows:4 windows x86 arch:x86

9003944e49ef2848ccf4a2bfcade2941

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

53:eb:7e:4b:20:50:0b:a1:bc:54:b9:ed:e5:10:fa:f1:70:60:50:45
Signer

Actual PE Digest

53:eb:7e:4b:20:50:0b:a1:bc:54:b9:ed:e5:10:fa:f1:70:60:50:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LoadLibraryA
LocalAlloc
GetModuleHandleA
GetStringTypeA
LCMapStringW
SetErrorMode
MultiByteToWideChar
Sleep
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
SetStdHandle
RtlUnwind
GetLogicalDrives
GetDriveTypeA
CreateFileA
FlushFileBuffers
CloseHandle
LCMapStringA
GetLastError
GetEnvironmentStringsW
GetEnvironmentStrings
GetFileAttributesA
DeviceIoControl
LocalFree
FormatMessageA
GetProcAddress
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetStringTypeW

user32

wsprintfA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA
DialogBoxIndirectParamA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/tcpview.chm
.chm
Windows Sysinternals Suite 2011.02.23/vmmap.exe
.exe windows:5 windows x86 arch:x86

bd3fcab3d12387fc9ac13b368ad8e1fa

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:33:3f:39:1c:d0:7d:46:31:10:1f:ee:fe:ed:73:88:13:dd:d4:53
Signer

Actual PE Digest

51:33:3f:39:1c:d0:7d:46:31:10:1f:ee:fe:ed:73:88:13:dd:d4:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Vmmap\Release\vmmap.pdb

Imports

gdiplus

GdipDeleteGraphics
GdiplusStartup
GdipDeleteBrush
GdipFillRectangleI
GdipSetCompositingQuality
GdipCreateFromHDC
GdipCreateSolidFill

shlwapi

SHAutoComplete

comctl32

ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
InitCommonControlsEx
ord17
ImageList_SetBkColor

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

LockResource
GetSystemTimeAsFileTime
OpenProcess
GetEnvironmentVariableW
FindFirstFileW
SetEnvironmentVariableW
FindClose
QueryPerformanceCounter
SetEvent
ConnectNamedPipe
CreateNamedPipeW
FormatMessageW
ReadFile
GetOverlappedResult
CreateEventW
WaitForMultipleObjects
QueryPerformanceFrequency
ResumeThread
GlobalAddAtomW
GetThreadContext
GetNativeSystemInfo
IsBadReadPtr
Thread32First
GetTimeFormatW
TerminateProcess
FileTimeToSystemTime
Thread32Next
GlobalFree
Process32FirstW
OpenThread
QueryDosDeviceW
SetProcessWorkingSetSize
Process32NextW
FileTimeToLocalFileTime
GetVersion
GetCurrentProcessId
GetTempPathA
SuspendThread
CreateThread
VirtualQueryEx
DebugBreak
WriteProcessMemory
VirtualProtectEx
SetLastError
VirtualAllocEx
GetNumberFormatW
GetModuleHandleA
ExpandEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
SetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
WriteFile
VirtualFree
HeapCreate
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetCurrentThreadId
ExitThread
HeapReAlloc
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
HeapFree
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
ReadProcessMemory
SizeofResource
LoadResource
FindResourceW
DeleteCriticalSection
GetSystemInfo
CreateFileMappingW
EnterCriticalSection
GetLocaleInfoA
VirtualAlloc
CreateFileW
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
GlobalUnlock
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalLock
LocalFree
LocalAlloc
GetCommandLineW
Module32NextW
CreateToolhelp32Snapshot
Module32FirstW
SetCurrentDirectoryW
LoadLibraryW
FreeLibrary
InterlockedIncrement
ExpandEnvironmentStringsW
DeleteFileW
CloseHandle
GetProcAddress
GetCurrentDirectoryW
GetLastError
GetModuleFileNameW
GetFileAttributesW
Sleep
GetModuleHandleW
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
CreateProcessW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
CreateFileA
CompareStringA
SetEnvironmentVariableA
LoadLibraryA

user32

KillTimer
IsZoomed
GetSubMenu
DrawIconEx
SetForegroundWindow
IsWindowEnabled
GetMenuItemInfoW
TranslateMessage
LoadAcceleratorsW
ChildWindowFromPoint
GetMenu
IsDialogMessageW
GetWindowPlacement
CheckMenuRadioItem
UnionRect
GetWindowTextW
GetClassNameW
EnableMenuItem
GetMenuState
GetDesktopWindow
CheckDlgButton
EnumChildWindows
IsDlgButtonChecked
CreateDialogParamW
DrawMenuBar
GetActiveWindow
InsertMenuW
SetWindowTextA
DestroyIcon
DrawFrameControl
SetMenuItemInfoW
CheckMenuItem
MoveWindow
DispatchMessageW
EndPaint
GetUpdateRgn
GetFocus
BeginPaint
PostMessageW
IsIconic
RegisterWindowMessageW
PostQuitMessage
GetMessageW
SetActiveWindow
SetTimer
DestroyAcceleratorTable
TranslateAcceleratorW
SetWindowPlacement
DestroyWindow
GetDC
IntersectRect
InvalidateRect
ReleaseDC
ScrollWindowEx
SetScrollInfo
CallWindowProcW
DialogBoxParamW
GetParent
SetFocus
SetPropW
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
EnableWindow
GetPropW
ScreenToClient
SetCapture
GetCapture
RegisterClassExW
OffsetRect
SetWindowLongW
SetWindowPos
CreateWindowExW
DeferWindowPos
ReleaseCapture
BeginDeferWindowPos
EndDeferWindowPos
DefWindowProcW
FillRect
DrawTextW
DrawFocusRect
GetScrollInfo
MapWindowPoints
CloseClipboard
GetWindowRect
LoadImageW
GetClientRect
PtInRect
LoadIconW
GetWindowLongW
EmptyClipboard
GetSysColor
LoadStringW
OpenClipboard
GetSystemMetrics
UpdateWindow
SetClipboardData
SetCursor
DialogBoxIndirectParamW
LoadCursorW
InflateRect
GetDlgItem
EndDialog
GetSysColorBrush
SendMessageW
SetWindowTextW
ShowWindow
GetClassLongW
GetKeyState

gdi32

RectInRegion
GetBkColor
CreateRectRgn
CreateFontIndirectW
CombineRgn
CreateRectRgnIndirect
CreateFontW
GetObjectW
GetTextMetricsW
SelectClipRgn
Polyline
MoveToEx
BitBlt
LineTo
SetTextColor
DeleteDC
Polygon
EndDoc
StartDocW
DeleteObject
SetBkMode
GetDeviceCaps
FrameRgn
SetBkColor
StartPage
EndPage
CreateSolidBrush
GetStockObject
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetMapMode

comdlg32

PrintDlgW
GetOpenFileNameW
ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExA
EnumServicesStatusExW
AdjustTokenPrivileges
LookupAccountSidW
LookupPrivilegeValueW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
EqualSid
RegSetValueW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegOpenKeyExA

shell32

SHGetPathFromIDListW
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHGetFileInfoW
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantChangeType

Sections

.text
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows Sysinternals Suite 2011.02.23/whois.exe
.exe windows:4 windows x86 arch:x86

a5ad285d6992ccb9c3fa95c3126360e1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ce:f7:96:86:cf:61:72:1a:84:28:84:da:43:d2:d5:60:2a:fa:f0:19
Signer

Actual PE Digest

ce:f7:96:86:cf:61:72:1a:84:28:84:da:43:d2:d5:60:2a:fa:f0:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
WSAGetLastError
WSAStartup
inet_addr
gethostbyaddr
WSACleanup
gethostbyname
htons
socket
connect
send
recv

kernel32

MultiByteToWideChar
LocalFree
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryA
LocalAlloc
GetModuleHandleA
GetCPInfo
GetStringTypeW
RtlUnwind
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetACP
GetOEMCP
GetProcAddress
SetStdHandle
FlushFileBuffers
SetFilePointer
GetStringTypeA
FreeEnvironmentStringsA
GetModuleFileNameA
ReadFile
LCMapStringA
CloseHandle
LCMapStringW
GetLastError
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter

user32

GetDlgItem
SendMessageA
LoadCursorA
SetCursor
InflateRect
DialogBoxIndirectParamA
GetSysColorBrush
EndDialog
SetWindowTextA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc22a526c18358f987f144e2ac31d338

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

2f:d4:4e:d4:2b:d9:7a:7d:c3:b0:f9:7b:8c:27:d5:6c:23:f4:3b:b4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

rpcrt4

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

activeds

wldap32

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 41KB - Virtual size: 49KB

.rsrc Size: 41KB - Virtual size: 40KB

d140f11cc65811212afe98adaa36a53a

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

e6:6b:93:35:a4:b0:80:6a:fb:98:bd:67:94:dc:81:9d:e7:2b:78:88Signer

Headers

File Characteristics

PDB Paths

Imports

comctl32

ws2_32

rpcrt4

psapi

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

shlwapi

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

2f:d4:4e:d4:2b:d9:7a:7d:c3:b0:f9:7b:8c:27:d5:6c:23:f4:3b:b4
Signer

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 41KB - Virtual size: 49KB

.rsrc
Size: 41KB - Virtual size: 40KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

e6:6b:93:35:a4:b0:80:6a:fb:98:bd:67:94:dc:81:9d:e7:2b:78:88
Signer

.text
Size: 280KB - Virtual size: 279KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 84KB - Virtual size: 1.9MB

.rsrc
Size: 584KB - Virtual size: 580KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

bc:e2:6e:0f:15:48:9a:32:45:f6:3b:ef:ad:6d:fc:65:37:59:76:36
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 108KB - Virtual size: 110KB

.rsrc
Size: 12KB - Virtual size: 11KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

22:c5:06:e6:82:45:b3:7d:93:5e:a2:89:1e:3c:bd:fa:6a:61:fc:f6
Signer

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 23KB - Virtual size: 22KB