Generated Invoice and Log sheet details[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Generated Invoice and Log sheet details.rar
Size

6.5MB
MD5

5193d25ff788cc2cccb1d9984f2c0ea4
SHA1

e13474361e8c4496776c6f0f87c56bf1b673820a
SHA256

ebe21adcf65530e322c179b36f545ec2c333b29ea1487bc42da9c357010e7b6f
SHA512

dd0247abf44e1fa07cbed7e06c9917f55586861b179ac59480cf6f132e62244604981a1a1dfa4b21cc4314e694a2c9b70ffe13ada904c5a607953e6dde0d0040
SSDEEP

196608:A8EnISh3AORZ4jq6gneKwA3Nc99UaXOJ8ObRR42SMBIC3wZkrh:A8EnIcAQYhC3e9kbR5Svgwsh

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Generated Invoice and Log sheet details/api-ms-win-crt-heap-l1-1-0.dll
unpack001/Generated Invoice and Log sheet details/msvcp150.dll
unpack001/Generated Invoice and Log sheet details/tbbmalloc.dll

Files

Generated Invoice and Log sheet details.rar
.rar
Generated Invoice and Log sheet details/A Generated Invoice and Log sheet details.exe
.exe windows:6 windows x64 arch:x64

c45bd89bca4ea5ffcaae77a8592b0fb7

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:62:73:06:f9:7e:03:fc:ff:6a:2c:10:1a:fb:e9:88:f7:33:7d:c8:17:f6:18:07:4b:30:1c:e3:84:b0:b0:83
Signer

Actual PE Digest

a8:62:73:06:f9:7e:03:fc:ff:6a:2c:10:1a:fb:e9:88:f7:33:7d:c8:17:f6:18:07:4b:30:1c:e3:84:b0:b0:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\link.pdb

Imports

advapi32

EventWrite
EventRegister
EventUnregister
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

kernel32

FlushFileBuffers
CloseHandle
GetFileSize
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
LoadLibraryW
GetProcAddress
GetCurrentProcess
CreateFileMappingW
MapViewOfFileEx
SetFilePointer
DeleteFileW
GetTempPathW
GetFileInformationByHandle
WideCharToMultiByte
GetFullPathNameW
GetACP
lstrcmpiW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
VirtualFree
FreeLibrary
SwitchToThread
FormatMessageW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSListHead
InterlockedFlushSList
CreateThread
ResumeThread
WaitForSingleObject
ReadFile
InterlockedPopEntrySList
InterlockedPushEntrySList
CopyFileW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
LoadLibraryExW
GetEnvironmentVariableW
GetModuleHandleW
EncodePointer
DecodePointer
HeapAlloc
GetProcessHeap
HeapFree
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
VirtualQuery
GetSystemInfo
GetEnvironmentStringsW
SetProcessWorkingSetSize
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
GetFileTime
RaiseFailFastException
SetErrorMode
SetConsoleCtrlHandler
GetCurrentDirectoryW
FreeEnvironmentStringsW
VirtualAlloc
SuspendThread
GetThreadContext
GetCPInfo
MultiByteToWideChar
GetFileType
GetConsoleMode
GetConsoleOutputCP
MapViewOfFile
GetConsoleScreenBufferInfo
SearchPathW
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
CreateEventW
GetTickCount64
GetDriveTypeW
GetLastError
MoveFileExW
WriteFile
SetFilePointerEx
Sleep
GetFileSizeEx
ExitProcess
LoadResource
FindResourceExW
CreateFileW
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetFileTime
LoadLibraryExA
GetSystemTime
CreateFileMappingA
SystemTimeToFileTime
RaiseException
DebugBreak
GetFileInformationByHandleEx
AreFileApisANSI
IsDBCSLeadByte
LocalFree
SetLastError
FormatMessageA
GetFileAttributesExW
TlsFree
TlsGetValue
SleepEx
CreateSemaphoreW
HeapDestroy
TlsAlloc
HeapValidate
InitializeCriticalSection
ReleaseSemaphore
VirtualProtect
TlsSetValue
HeapCreate
LCMapStringEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
_CxxThrowException
memset
memchr
memcmp
memmove
__std_terminate
__std_exception_copy
__std_exception_destroy
__current_exception_context
strchr
strstr
strrchr
_purecall
wcschr
__unDName
__unDNameEx
__C_specific_handler
wcsrchr
wcsstr
__current_exception

api-ms-win-crt-string-l1-1-0

strncmp
wcstok_s
iswspace
iswprint
_wcsnicmp
_stricmp
wcsnlen
iswdigit
wcsncmp
_wcsupr_s
_strnicmp
wcsncat_s
wcscspn
wcscat_s
wcsncpy_s
isprint
strncat_s
towlower
wcscmp
strncpy
isalnum
toupper
wcsncpy
wcspbrk
isxdigit
strcat_s
strcpy_s
strncpy_s
strcmp
_wcsicmp
iswascii
strlen
wcscpy_s
isdigit

api-ms-win-crt-stdio-l1-1-0

fputws
fputwc
fputs
__stdio_common_vswprintf
_wfdopen
_open_osfhandle
__stdio_common_vswprintf_s
setvbuf
getwchar
__p__commode
__stdio_common_vsprintf_s
__stdio_common_vswscanf
__acrt_iob_func
__stdio_common_vfprintf
fopen
ftell
fseek
fwrite
fclose
_wfsopen
fread
_set_fmode
fflush
__stdio_common_vsnprintf_s
__stdio_common_vfwprintf
__stdio_common_vsscanf
_isatty
fgetws
__stdio_common_vsnwprintf_s
_fileno
_filelength
_get_osfhandle

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_get_errno
__doserrno
_invalid_parameter_noinfo
_get_wpgmptr
_crt_atexit
_register_onexit_function
_set_new_handler
_errno
exit
terminate
_initialize_onexit_table
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
__p__wpgmptr
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_set_invalid_parameter_handler

api-ms-win-crt-convert-l1-1-0

wcstol
atoi
_ultow_s
atol
_ui64tow_s
_itoa_s
_wtoi64
wcstoul
_wcstoui64
_ultoa_s
strtoul
_itow_s

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_wfullpath
_waccess
_wmakepath_s
_wremove
_wstat64
_wstat64i32

api-ms-win-crt-time-l1-1-0

_tzset
_wctime64
_time64
clock

api-ms-win-crt-environment-l1-1-0

_wgetcwd
_wdupenv_s
_wsearchenv_s
getenv
_wgetenv_s
_wputenv_s

api-ms-win-crt-utility-l1-1-0

qsort
qsort_s
bsearch

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
calloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
setlocale

api-ms-win-crt-conio-l1-1-0

_cputs
_putwch
__conio_common_vcprintf
__conio_common_vcwprintf
_cputws

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

psapi

GetProcessMemoryInfo

msvcp140

?_Xbad_alloc@std@@YAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEBA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Xtime_get_ticks
_Mtx_current_owns
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_unregister_at_thread_exit
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Thrd_hardware_concurrency
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
_Cnd_init_in_situ
?_Winerror_map@std@@YAHH@Z
_Cnd_wait
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
_Cnd_register_at_thread_exit
_Cnd_broadcast
_Cnd_signal
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_destroy_in_situ

tbbmalloc

scalable_malloc
scalable_realloc
scalable_free

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/api-ms-win-crt-filesystem-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

19-07-2020 00:00

Not After

19-07-2023 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17-07-2020 00:00

Not After

17-07-2030 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

15-07-2020 00:00

Not After

15-07-2045 00:00

Subject

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

18-07-2020 00:00

Not After

18-07-2023 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16-07-2020 00:00

Not After

16-07-2030 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:8b:9d:b9:62:86:e4:b7:e3:78:de:8c:c0:63:ba:68:14:d0:14:6b:4b:a0:1b:42:05:f6:c7:16:41:ce:c6:17
Signer

Actual PE Digest

78:8b:9d:b9:62:86:e4:b7:e3:78:de:8c:c0:63:ba:68:14:d0:14:6b:4b:a0:1b:42:05:f6:c7:16:41:ce:c6:17

Digest Algorithm

sha256

PE Digest Matches

true

78:8b:9d:b9:62:86:e4:b7:e3:78:de:8c:c0:63:ba:68:14:d0:14:6b:4b:a0:1b:42:05:f6:c7:16:41:ce:c6:17
Signer

Actual PE Digest

78:8b:9d:b9:62:86:e4:b7:e3:78:de:8c:c0:63:ba:68:14:d0:14:6b:4b:a0:1b:42:05:f6:c7:16:41:ce:c6:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-filesystem-l1-1-0.pdb

Exports

Exports

_access
_access_s
_chdir
_chdrive
_chmod
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_fullpath
_getdiskfree
_getdrive
_getdrives
_lock_file
_makepath
_makepath_s
_mkdir
_rmdir
_splitpath
_splitpath_s
_stat32
_stat32i64
_stat64
_stat64i32
_umask
_umask_s
_unlink
_unlock_file
_waccess
_waccess_s
_wchdir
_wchmod
_wfindfirst32
_wfindfirst32i64
_wfindfirst64
_wfindfirst64i32
_wfindnext32
_wfindnext32i64
_wfindnext64
_wfindnext64i32
_wfullpath
_wmakepath
_wmakepath_s
_wmkdir
_wremove
_wrename
_wrmdir
_wsplitpath
_wsplitpath_s
_wstat32
_wstat32i64
_wstat64
_wstat64i32
_wunlink
remove
rename

Sections

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/api-ms-win-crt-heap-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-heap-l1-1-0.pdb

Exports

Exports

_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_callnewh
_calloc_base
_expand
_free_base
_get_heap_handle
_heapchk
_heapmin
_heapwalk
_malloc_base
_msize
_query_new_handler
_query_new_mode
_realloc_base
_recalloc
_set_new_mode
calloc
free
malloc
realloc

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/api-ms-win-crt-locale-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

19-07-2020 00:00

Not After

19-07-2023 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17-07-2020 00:00

Not After

17-07-2030 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

15-07-2020 00:00

Not After

15-07-2045 00:00

Subject

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

18-07-2020 00:00

Not After

18-07-2023 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16-07-2020 00:00

Not After

16-07-2030 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:b8:48:d5:be:ff:d9:4e:25:79:3b:6b:29:c7:f3:9c:48:8b:d6:d9:f9:25:d2:42:3a:fa:19:f1:88:33:8d:27
Signer

Actual PE Digest

7b:b8:48:d5:be:ff:d9:4e:25:79:3b:6b:29:c7:f3:9c:48:8b:d6:d9:f9:25:d2:42:3a:fa:19:f1:88:33:8d:27

Digest Algorithm

sha256

PE Digest Matches

true

7b:b8:48:d5:be:ff:d9:4e:25:79:3b:6b:29:c7:f3:9c:48:8b:d6:d9:f9:25:d2:42:3a:fa:19:f1:88:33:8d:27
Signer

Actual PE Digest

7b:b8:48:d5:be:ff:d9:4e:25:79:3b:6b:29:c7:f3:9c:48:8b:d6:d9:f9:25:d2:42:3a:fa:19:f1:88:33:8d:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-locale-l1-1-0.pdb

Exports

Exports

___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__initialize_lconv_for_unsigned_char
__pctype_func
__pwctype_func
_configthreadlocale
_create_locale
_free_locale
_get_current_locale
_getmbcp
_lock_locales
_setmbcp
_unlock_locales
_wcreate_locale
_wsetlocale
localeconv
setlocale

Sections

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/api-ms-win-crt-math-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

19-07-2020 00:00

Not After

19-07-2023 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17-07-2020 00:00

Not After

17-07-2030 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

15-07-2020 00:00

Not After

15-07-2045 00:00

Subject

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

18-07-2020 00:00

Not After

18-07-2023 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16-07-2020 00:00

Not After

16-07-2030 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:02:7c:10:4e:75:89:dd:d2:ee:33:7c:5c:81:ba:6b:04:93:16:39:0a:a0:02:3a:34:1e:3d:ec:6a:22:aa:16
Signer

Actual PE Digest

70:02:7c:10:4e:75:89:dd:d2:ee:33:7c:5c:81:ba:6b:04:93:16:39:0a:a0:02:3a:34:1e:3d:ec:6a:22:aa:16

Digest Algorithm

sha256

PE Digest Matches

true

70:02:7c:10:4e:75:89:dd:d2:ee:33:7c:5c:81:ba:6b:04:93:16:39:0a:a0:02:3a:34:1e:3d:ec:6a:22:aa:16
Signer

Actual PE Digest

70:02:7c:10:4e:75:89:dd:d2:ee:33:7c:5c:81:ba:6b:04:93:16:39:0a:a0:02:3a:34:1e:3d:ec:6a:22:aa:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-math-l1-1-0.pdb

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_FCbuild
_FCmulcc
_FCmulcr
_LCbuild
_LCmulcc
_LCmulcr
__setusermatherr
_cabs
_chgsign
_chgsignf
_copysign
_copysignf
_d_int
_dclass
_dexp
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_except1
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_finite
_finitef
_fpclass
_fpclassf
_get_FMA3_enable
_hypot
_hypotf
_isnan
_isnanf
_j0
_j1
_jn
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_logb
_logbf
_nextafter
_nextafterf
_scalb
_scalbf
_set_FMA3_enable
_y0
_y1
_yn
acos
acosf
acosh
acoshf
acoshl
asin
asinf
asinh
asinhf
asinhl
atan
atan2
atan2f
atanf
atanh
atanhf
atanhl
cabs
cabsf
cabsl
cacos
cacosf
cacosh
cacoshf
cacoshl
cacosl
carg
cargf
cargl
casin
casinf
casinh
casinhf
casinhl
casinl
catan
catanf
catanh
catanhf
catanhl
catanl
cbrt
cbrtf
cbrtl
ccos
ccosf
ccosh
ccoshf
ccoshl
ccosl
ceil
ceilf
cexp
cexpf
cexpl
cimag
cimagf
cimagl
clog
clog10
clog10f
clog10l
clogf
clogl
conj
conjf
conjl
copysign
copysignf
copysignl
cos
cosf
cosh
coshf
cpow
cpowf
cpowl
cproj
cprojf
cprojl
creal
crealf
creall
csin
csinf
csinh
csinhf
csinhl
csinl
csqrt
csqrtf
csqrtl
ctan
ctanf
ctanh
ctanhf
ctanhl
ctanl
erf
erfc
erfcf
erfcl
erff
erfl
exp
exp2
exp2f
exp2l
expf
expm1
expm1f
expm1l
fabs
fdim
fdimf
fdiml
floor
floorf
fma
fmaf
fmal
fmax
fmaxf
fmaxl
fmin
fminf
fminl
fmod
fmodf
frexp
hypot
ilogb
ilogbf
ilogbl
ldexp
lgamma
lgammaf
lgammal
llrint
llrintf
llrintl
llround
llroundf
llroundl
log
log10
log10f
log1p
log1pf
log1pl
log2
log2f
log2l
logb
logbf
logbl
logf
lrint
lrintf
lrintl
lround
lroundf
lroundl
modf
modff
nan
nanf
nanl
nearbyint
nearbyintf
nearbyintl
nextafter
nextafterf
nextafterl
nexttoward
nexttowardf
nexttowardl
norm
normf
norml
pow
powf
remainder
remainderf
remainderl
remquo
remquof
remquol
rint
rintf
rintl
round
roundf
roundl
scalbln
scalblnf
scalblnl
scalbn
scalbnf
scalbnl
sin
sinf
sinh
sinhf
sqrt
sqrtf
tan
tanf
tanh
tanhf
tgamma
tgammaf
tgammal
trunc
truncf
truncl

Sections

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/api-ms-win-crt-multibyte-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

19-07-2020 00:00

Not After

19-07-2023 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17-07-2020 00:00

Not After

17-07-2030 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

15-07-2020 00:00

Not After

15-07-2045 00:00

Subject

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

18-07-2020 00:00

Not After

18-07-2023 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16-07-2020 00:00

Not After

16-07-2030 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:ed:2e:0c:9a:dc:f5:43:8a:00:97:da:6e:40:ad:db:14:3f:66:10:dc:e7:14:9b:70:b0:bd:da:78:fa:5f:da
Signer

Actual PE Digest

f0:ed:2e:0c:9a:dc:f5:43:8a:00:97:da:6e:40:ad:db:14:3f:66:10:dc:e7:14:9b:70:b0:bd:da:78:fa:5f:da

Digest Algorithm

sha256

PE Digest Matches

true

f0:ed:2e:0c:9a:dc:f5:43:8a:00:97:da:6e:40:ad:db:14:3f:66:10:dc:e7:14:9b:70:b0:bd:da:78:fa:5f:da
Signer

Actual PE Digest

f0:ed:2e:0c:9a:dc:f5:43:8a:00:97:da:6e:40:ad:db:14:3f:66:10:dc:e7:14:9b:70:b0:bd:da:78:fa:5f:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-multibyte-l1-1-0.pdb

Exports

Exports

__p__mbcasemap
__p__mbctype
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_mbbtombc
_mbbtombc_l
_mbbtype
_mbbtype_l
_mbcasemap
_mbccpy
_mbccpy_l
_mbccpy_s
_mbccpy_s_l
_mbcjistojms
_mbcjistojms_l
_mbcjmstojis
_mbcjmstojis_l
_mbclen
_mbclen_l
_mbctohira
_mbctohira_l
_mbctokata
_mbctokata_l
_mbctolower
_mbctolower_l
_mbctombb
_mbctombb_l
_mbctoupper
_mbctoupper_l
_mblen_l
_mbsbtype
_mbsbtype_l
_mbscat_s
_mbscat_s_l
_mbschr
_mbschr_l
_mbscmp
_mbscmp_l
_mbscoll
_mbscoll_l
_mbscpy_s
_mbscpy_s_l
_mbscspn
_mbscspn_l
_mbsdec
_mbsdec_l
_mbsdup
_mbsicmp
_mbsicmp_l
_mbsicoll
_mbsicoll_l
_mbsinc
_mbsinc_l
_mbslen
_mbslen_l
_mbslwr
_mbslwr_l
_mbslwr_s
_mbslwr_s_l
_mbsnbcat
_mbsnbcat_l
_mbsnbcat_s
_mbsnbcat_s_l
_mbsnbcmp
_mbsnbcmp_l
_mbsnbcnt
_mbsnbcnt_l
_mbsnbcoll
_mbsnbcoll_l
_mbsnbcpy
_mbsnbcpy_l
_mbsnbcpy_s
_mbsnbcpy_s_l
_mbsnbicmp
_mbsnbicmp_l
_mbsnbicoll
_mbsnbicoll_l
_mbsnbset
_mbsnbset_l
_mbsnbset_s
_mbsnbset_s_l
_mbsncat
_mbsncat_l
_mbsncat_s
_mbsncat_s_l
_mbsnccnt
_mbsnccnt_l
_mbsncmp
_mbsncmp_l
_mbsncoll
_mbsncoll_l
_mbsncpy
_mbsncpy_l
_mbsncpy_s
_mbsncpy_s_l
_mbsnextc
_mbsnextc_l
_mbsnicmp
_mbsnicmp_l
_mbsnicoll
_mbsnicoll_l
_mbsninc
_mbsninc_l
_mbsnlen
_mbsnlen_l
_mbsnset
_mbsnset_l
_mbsnset_s
_mbsnset_s_l
_mbspbrk
_mbspbrk_l
_mbsrchr
_mbsrchr_l
_mbsrev
_mbsrev_l
_mbsset
_mbsset_l
_mbsset_s
_mbsset_s_l
_mbsspn
_mbsspn_l
_mbsspnp
_mbsspnp_l
_mbsstr
_mbsstr_l
_mbstok
_mbstok_l
_mbstok_s
_mbstok_s_l
_mbstowcs_l
_mbstowcs_s_l
_mbstrlen
_mbstrlen_l
_mbstrnlen
_mbstrnlen_l
_mbsupr
_mbsupr_l
_mbsupr_s
_mbsupr_s_l
_mbtowc_l

Sections

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/api-ms-win-crt-time-l1-1-0.dll
.dll .ps1 windows:10 windows x64 arch:x64 polyglot

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

19-07-2020 00:00

Not After

19-07-2023 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17-07-2020 00:00

Not After

17-07-2030 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

15-07-2020 00:00

Not After

15-07-2045 00:00

Subject

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

18-07-2020 00:00

Not After

18-07-2023 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16-07-2020 00:00

Not After

16-07-2030 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:31:fb:6b:b1:c3:d4:83:15:19:d5:d3:10:83:68:b2:2c:01:60:9c:e8:3c:7c:b0:56:f6:c0:98:12:57:a8:50
Signer

Actual PE Digest

8f:31:fb:6b:b1:c3:d4:83:15:19:d5:d3:10:83:68:b2:2c:01:60:9c:e8:3c:7c:b0:56:f6:c0:98:12:57:a8:50

Digest Algorithm

sha256

PE Digest Matches

true

8f:31:fb:6b:b1:c3:d4:83:15:19:d5:d3:10:83:68:b2:2c:01:60:9c:e8:3c:7c:b0:56:f6:c0:98:12:57:a8:50
Signer

Actual PE Digest

8f:31:fb:6b:b1:c3:d4:83:15:19:d5:d3:10:83:68:b2:2c:01:60:9c:e8:3c:7c:b0:56:f6:c0:98:12:57:a8:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-time-l1-1-0.pdb

Exports

Exports

_Getdays
_Getmonths
_Gettnames
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__daylight
__dstbias
__timezone
__tzname
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_difftime32
_difftime64
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_futime32
_futime64
_get_daylight
_get_dstbias
_get_timezone
_get_tzname
_getsystime
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_localtime32
_localtime32_s
_localtime64
_localtime64_s
_mkgmtime32
_mkgmtime64
_mktime32
_mktime64
_setsystime
_strdate
_strdate_s
_strftime_l
_strtime
_strtime_s
_time32
_time64
_timespec32_get
_timespec64_get
_tzset
_utime32
_utime64
_wasctime
_wasctime_s
_wcsftime_l
_wctime32
_wctime32_s
_wctime64
_wctime64_s
_wstrdate
_wstrdate_s
_wstrtime
_wstrtime_s
_wutime32
_wutime64
asctime
asctime_s
clock
strftime
wcsftime

Sections

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/api-ms-win-crt-utility-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

19-07-2020 00:00

Not After

19-07-2023 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17-07-2020 00:00

Not After

17-07-2030 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

15-07-2020 00:00

Not After

15-07-2045 00:00

Subject

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

18-07-2020 00:00

Not After

18-07-2023 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16-07-2020 00:00

Not After

16-07-2030 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:85:25:27:60:bc:45:6a:97:41:1f:f7:d0:00:47:00:41:a2:b3:bf:4f:1d:2f:21:1b:36:6d:25:c2:63:51:f1
Signer

Actual PE Digest

64:85:25:27:60:bc:45:6a:97:41:1f:f7:d0:00:47:00:41:a2:b3:bf:4f:1d:2f:21:1b:36:6d:25:c2:63:51:f1

Digest Algorithm

sha256

PE Digest Matches

true

64:85:25:27:60:bc:45:6a:97:41:1f:f7:d0:00:47:00:41:a2:b3:bf:4f:1d:2f:21:1b:36:6d:25:c2:63:51:f1
Signer

Actual PE Digest

64:85:25:27:60:bc:45:6a:97:41:1f:f7:d0:00:47:00:41:a2:b3:bf:4f:1d:2f:21:1b:36:6d:25:c2:63:51:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-utility-l1-1-0.pdb

Exports

Exports

_abs64
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_lfind
_lfind_s
_lrotl
_lrotr
_lsearch
_lsearch_s
_rotl
_rotl64
_rotr
_rotr64
_swab
abs
bsearch
bsearch_s
div
imaxabs
imaxdiv
labs
ldiv
llabs
lldiv
qsort
qsort_s
rand
rand_s
srand

Sections

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/d3dx9_43_core.dll
Generated Invoice and Log sheet details/dpcmi.dll
.dll windows:6 windows x64 arch:x64

af0027f7ba9dcd83af910098c1359146

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:3b:a4:84:b5:15:45:23:9f:35:c2:e2:8d:67:af:60:cd:88:45:36:54:ef:59:63:52:be:f5:7a:b0:11:32:0d
Signer

Actual PE Digest

85:3b:a4:84:b5:15:45:23:9f:35:c2:e2:8d:67:af:60:cd:88:45:36:54:ef:59:63:52:be:f5:7a:b0:11:32:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\dpcmi.pdb

Imports

ole32

CoTaskMemFree

kernel32

FindClose
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle

Exports

Exports

Get

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/msobj140.dll
.dll windows:6 windows x64 arch:x64

75a51bccbe8ad1e19ce5e542fe0061a4

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:1c:7a:73:9e:cc:66:3b:03:be:ae:a2:7a:d6:bb:e0:7c:40:26:56:78:20:91:9e:93:1b:ce:98:a6:48:6d:d1
Signer

Actual PE Digest

58:1c:7a:73:9e:cc:66:3b:03:be:ae:a2:7a:d6:bb:e0:7c:40:26:56:78:20:91:9e:93:1b:ce:98:a6:48:6d:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\msobj140.pdb

Imports

kernel32

SetLastError
WideCharToMultiByte
MultiByteToWideChar
UnmapViewOfFile
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
CloseHandle
VirtualFree
VirtualAlloc
GetSystemInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
RtlCaptureContext
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler
__unDName
strrchr
strchr
_purecall
memcmp
memcpy

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

wcscpy_s
_stricmp
strcpy_s
strlen
strncmp
strncpy_s
strcmp
wcsncpy_s
_strnicmp

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-stdio-l1-1-0

_open
_wopen
__stdio_common_vsscanf
_tell
_write
_wsopen
_read
_close
_lseek

api-ms-win-crt-convert-l1-1-0

strtoul
atoi

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initterm_e
_initialize_onexit_table
_initterm
_execute_onexit_table
_cexit
_seh_filter_dll
_initialize_narrow_environment

tbbmalloc

scalable_free
scalable_malloc

Exports

Exports

?FCreate2@ObjectCode@objf@@SA_NAEAV?$RefPtr@VObjectCode@objf@@@@KPEBD1KK@Z
?FCreate2W@ObjectCode@objf@@SA_NAEAV?$RefPtr@VObjectCode@objf@@@@KPEBG1KK@Z
?FCreate@Image@objf@@SA_NAEAV?$RefPtr@UImage@objf@@@@KPEBD@Z
?FCreate@Image@objf@@SA_NAEAV?$RefPtr@UImage@objf@@@@PEAEJK@Z
?FCreate@Library@objf@@SA_NAEAV?$RefPtr@ULibrary@objf@@@@KPEBD@Z
?FCreate@ObjectCode@objf@@SA_NAEAV?$RefPtr@VObjectCode@objf@@@@KPEBD1@Z
?FCreateFromBytes@ObjectCode@objf@@SA_NAEAV?$RefPtr@VObjectCode@objf@@@@KPEAEKPEBD2KK@Z
?FCreateFromBytesW@ObjectCode@objf@@SA_NAEAV?$RefPtr@VObjectCode@objf@@@@KPEAEKPEBG2KK@Z
?FCreateReader@IDebugSSectionReader@@SA_NPEAE_KPEAPEAV1@K@Z
?FCreateReader@IDebugSSectionReader@@SA_NPEAE_KPEAPEAV1@KPEAW4DSR_EC@@@Z
?FCreateW@Image@objf@@SA_NAEAV?$RefPtr@UImage@objf@@@@KPEBG@Z
?FCreateW@Library@objf@@SA_NAEAV?$RefPtr@ULibrary@objf@@@@KPEBG@Z
?FCreateW@ObjectCode@objf@@SA_NAEAV?$RefPtr@VObjectCode@objf@@@@KPEBG1@Z
?FCreateWriter@IDebugSSectionWriter@@SA_N_NPEAPEAV1@K0@Z
?get@FunctionSymbols@@SA_NAEAV?$RefPtr@VSection@objf@@@@PEAPEAU1@@Z
?get@FunctionSymbols@@SA_NPEBDPEAVObjectCode@objf@@PEAPEAU1@@Z
ESVGet
ESVNext
ESVRelease
ESVReset
FSGetEnumLocals
FSGetEnumParams
FSGetFrameInfo
FSRelease
FuncSymsGet
OCRelease
ObjectCodeGet
ObjectCodeGetW
SVName
SVOffBP
SVRelease
SVTypeIndex

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/mspdb140.dll
.dll windows:6 windows x64 arch:x64

9b07f79d2a1b2b5ea6651bb56f03bea4

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:af:8d:32:57:e3:35:b4:a7:d7:b4:83:38:8c:b8:ed:02:cc:3a:c3:27:ed:44:1f:fb:17:a1:ab:30:6e:7b:8a
Signer

Actual PE Digest

48:af:8d:32:57:e3:35:b4:a7:d7:b4:83:38:8c:b8:ed:02:cc:3a:c3:27:ed:44:1f:fb:17:a1:ab:30:6e:7b:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\mspdb140.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
OpenProcessToken
GetTokenInformation
LookupAccountSidW

kernel32

HeapAlloc
MultiByteToWideChar
HeapFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetFullPathNameW
ExpandEnvironmentStringsW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetLastError
WideCharToMultiByte
LCMapStringW
HeapCreate
HeapDestroy
GetSystemInfo
DisableThreadLibraryCalls
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCommandLineW
GetModuleFileNameW
CreateProcessW
CreateMutexW
WaitForSingleObject
ReleaseMutex
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
__std_exception_destroy
__std_exception_copy
memcpy
wcsstr
wcschr
strstr
strchr
_purecall
__unDName
wcsrchr
_CxxThrowException
memcmp
memmove
memset
strrchr

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

strnlen
iswdigit
towupper
isxdigit
isdigit
wcsncmp
strncmp
iswascii
wcsncpy_s
wcscpy_s
strncpy_s
strcpy_s
iswxdigit
_wcsdup
_wcsicmp
_stricmp
strcat_s
_wcsnicmp
wcscat_s
toupper

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
_wfsopen
fclose
__stdio_common_vsprintf_s
fread
fseek
ftell
__stdio_common_vsnwprintf_s
__stdio_common_vsnprintf_s

api-ms-win-crt-convert-l1-1-0

_ultoa_s
_ultow_s
wcstoul
strtoul

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_wmakepath_s
_wfullpath

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_invalid_parameter_noinfo
_errno

rpcrt4

NdrServerCall2
RpcBindingFree
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcStringFreeW
NdrClientCall2
RpcBindingFromStringBindingW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

vcruntime140_1

__CxxFrameHandler4

Exports

Exports

??0ConstTypeTiIter@@QEAA@PEBUTYPTYPE@@@Z
??0SymTiIter@@QEAA@PEAUSYMTYPE@@@Z
??0TypeTiIter@@QEAA@PEAUTYPTYPE@@@Z
?CloseAllTimeoutPDB@PDB@@SAHXZ
?ExportValidateImplementation@PDB@@SAHK@Z
?ExportValidateInterface@PDB@@SAHK@Z
?FCreateSrcHash@SrcHash@@SA_NAEAPEAU1@W4HID@1@@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEAUMreToPdb@@HH@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEAUPDB@@PEAUNameMap@@HH@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEBDAEAJQEADHH@Z
?FOpenW@MREngine@@SAHPEAPEAU1@PEBGAEAJPEAG_KHH@Z
?Open2W@PDB@@SAHPEBGPEBDPEAJPEAG_KPEAPEAU1@@Z
?OpenEx2W@PDB@@SAHPEBGPEBDJPEAJPEAG_KPEAPEAU1@@Z
?OpenInStream@PDB@@SAHPEAUIStream@@PEBDPEAJPEAG_KPEAPEAU1@@Z
?OpenNgenPdb@PDB@@SAHPEBG0PEAJPEAG_KPEAPEAU1@@Z
?OpenValidate4@PDB@@SAHPEBGPEBDPEBU_GUID@@KKPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate5@PDB@@SAHPEBG0PEAXP6AP6AHXZ1W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate6@PDB@@SAHPEBG0PEBDPEAXP6AP6AHXZ2W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate7@PDB@@SAHPEBG0PEBDHPEAXP6AP6AHXZ2W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?QueryImplementationVersionStatic@PDB@@SAKXZ
?QueryInterfaceVersionStatic@PDB@@SAKXZ
?RPC@PDB@@SAHXZ
?SetErrorHandlerAPI@PDB@@SAHP6APEAUIPDBError@@PEAU1@@Z@Z
?SetPDBCloseTimeout@PDB@@SAH_K@Z
?SetServerFastFailMode@PDB@@SAHXZ
?fConvertSymRecStToSz@@YAHPEAEJ0PEAJ@Z
?fConvertSymRecStToSz@@YAHPEAUSYMTYPE@@0@Z
?fConvertSymRecStToSzInPlace@@YAHPEAEJ@Z
?fConvertSymRecStToSzWithSig@@YAHPEAEJ0PEAJ@Z
?fConvertTypeRecStToSz@@YAHPEAUTYPTYPE@@@Z
?fConvertTypeRecsStToSz@@YAHPEAE0PEAJ@Z
?fCreate@WidenTi@@SAHAEAPEAU1@IH@Z
?fGetSymName@@YAHPEAUSYMTYPE@@PEAPEAD@Z
?fGetSymName@@YAHPEBUSYMTYPE@@PEAPEBD@Z
?fGetSymRecTypName@@YAHPEAUSYMTYPE@@PEAPEAD@Z
?fGetSymRecTypName@@YAHPEBUSYMTYPE@@PEAPEBD@Z
?fNameFromSym@@YA_NPEAUSYMTYPE@@PEAGPEAK@Z
?fNameFromSym@@YA_NPEBUSYMTYPE@@PEAGPEAK@Z
?fNameFromType@@YA_NPEAUTYPTYPE@@PEAGPEAK@Z
?fNameFromType@@YA_NPEBUTYPTYPE@@PEAGPEAK@Z
?next@ConstTypeTiIter@@QEAAHXZ
?next@SymTiIter@@QEAAHXZ
?next@TypeTiIter@@QEAAHXZ
?nextField@ConstTypeTiIter@@QEAAHXZ
?nextField@TypeTiIter@@QEAAHXZ
?open@Bsc@@SAHPEADPEAPEAU1@@Z
?open@Bsc@@SAHPEAUPDB@@PEAPEAU1@@Z
?open@NameMap@@SAHPEAUPDB@@HPEAPEAU1@@Z
?openW@Bsc@@SAHPEBGPEAPEAU1@@Z
?pbEndRecordSansPad@ConstTypeTiIter@@QEBAPEBEXZ
?pbEndRecordSansPad@TypeTiIter@@QEAAPEAEXZ
DBIAddLinkInfo
DBIAddLinkInfoW
DBIAddPublic
DBIAddPublic2
DBIAddSec
DBIAddThunkMap
DBIClearSegmentMap
DBIClose
DBIDeleteMod
DBIDumpMods
DBIDumpSecContribs
DBIDumpSecMap
DBIDumpTMCache
DBIFAddSourceMappingItem
DBIFSetPfnDumpTMCache
DBIFSetPfnNotePdbUsed
DBIFSetPfnNoteTypeMismatch
DBIFSetPfnTmdTypeFilter
DBIFStripped
DBIFindTypeServers
DBIGetEnumContrib
DBIGetEnumContrib2
DBIOpenDbg
DBIOpenGlobals
DBIOpenMod
DBIOpenModW
DBIOpenPublics
DBIQueryDbgHeader
DBIQueryDbgTypes
DBIQueryFileInfo
DBIQueryImplementationVersion
DBIQueryInterfaceVersion
DBIQueryItsmForTi
DBIQueryLazyTypes
DBIQueryLinkInfo
DBIQueryModFromAddr
DBIQueryModFromAddr2
DBIQueryNextItsm
DBIQueryNextMod
DBIQuerySecMap
DBIQuerySupportsEC
DBIQueryTypeServer
DBIRemoveDataForRva
DBIRemovePublic
DBISetLazyTypes
DBISetMachineType
DBIUpdateGlobalDataAddr
DbgAppend
DbgClear
DbgClose
DbgFind
DbgQueryNext
DbgQuerySize
DbgReplaceNext
DbgReset
DbgSkip
EnumContribGet
EnumContribGetCrcs
EnumContribNext
EnumContribRelease
EnumContribReset
GSIClose
GSIHashSym
GSINearestSym
GSINextSym
GSIOffForSym
GSISymForOff
MREBagFAddDep
MREBagFClose
MRECmpClassIsBoring
MRECmpFCloseCompiland
MRECmpFOpenCompiland
MRECmpFPushFile
MRECmpPmrefilePopFile
MREDrvFFilesOutOfDate
MREDrvFRefreshFileSysInfo
MREDrvFRelease
MREDrvFSuccessfulCompile
MREDrvFUpdateTargetFile
MREDrvOneTimeInit
MREDrvYnmFileOutOfDate
MREFClose
MREFDelete
MREFOpen
MREFOpenByName
MREFOpenEx
MREFOpenW
MREFileFOpenBag
MREQueryMreCmp
MREQueryMreDrv
MREQueryMreUtil
ModAddCoffTypeSectionChecksum
ModAddLines
ModAddLinesW
ModAddPublic
ModAddPublic2
ModAddSecContrib
ModAddSecContribEx
ModAddSymbols
ModAddSymbols2
ModAddTypes
ModClose
ModGetEnumILLines
ModGetLastErrorCode
ModGetPvClient
ModIsTypeServed
ModMergeTypes
ModQueryCBFile
ModQueryCBName
ModQueryCVRecordForTi
ModQueryCoffSymRVAs
ModQueryCrossScopeExports
ModQueryCrossScopeImports
ModQueryDBI
ModQueryFile
ModQueryFirstCodeSecContrib
ModQueryFuncMDTokenMap
ModQueryIDs
ModQueryILLineFlags
ModQueryILLines
ModQueryImod
ModQueryImplementationVersion
ModQueryInlineeLines
ModQueryInlineeMDTokenMap
ModQueryInterfaceVersion
ModQueryLines
ModQueryLines2
ModQueryMergedAssemblyInput
ModQueryName
ModQueryPbCVRecordForTi
ModQueryPdbFile
ModQuerySecContrib
ModQuerySrcFile
ModQuerySrcLineForUDT
ModQuerySupportsEC
ModQuerySymbols
ModQueryTiForUDT
ModQueryTpi
ModQueryTypeMDTokenMap
ModQueryTypes
ModRemoveGlobalRefs
ModReplaceLines
ModSetPvClient
ModTranslateFileId
NameMapOpen
PDBClose
PDBCommit
PDBCopyTo
PDBCopyToW
PDBCopyToW2
PDBCreateDBI
PDBEnablePrefetching
PDBExportValidateImplementation
PDBExportValidateInterface
PDBFLazy
PDBFMinimal
PDBFPortablePDB
PDBFRepro
PDBIsSZPDB
PDBOpen2W
PDBOpenDBI
PDBOpenDBIEx
PDBOpenEx2W
PDBOpenIpi
PDBOpenNgenPdb
PDBOpenStream
PDBOpenStreamEx
PDBOpenTpi
PDBOpenValidate4
PDBOpenValidate5
PDBOpenValidate6
PDBOpenValidate7
PDBQueryAge
PDBQueryImplementationVersion
PDBQueryImplementationVersionStatic
PDBQueryInterfaceVersion
PDBQueryInterfaceVersionStatic
PDBQueryLastError
PDBQueryLastErrorExW
PDBQueryPDBName
PDBQueryPDBNameExW
PDBQuerySignature
PDBQuerySignature2
PDBRPC
PDBRPC_PDB_UpdateSignature
PDBRegisterPDBMapping
PDBResetGUID
PDBSetServerFastFailMode
SigForPbCb
StreamAppend
StreamDelete
StreamQueryCb
StreamRead
StreamRelease
StreamReplace
StreamTruncate
StreamWrite
SzCanonFilename
TruncStFromSz
TypesAreTypesEqual
TypesClose
TypesCommit
TypesIsTypeServed
TypesQueryCVRecordForTiEx
TypesQueryCb
TypesQueryImplementationVersion
TypesQueryInterfaceVersion
TypesQueryPbCVRecordForTiEx
TypesQueryTIsForCVRecords
TypesQueryTiForCVRecordEx
TypesQueryTiForUDTEx
TypesQueryTiMacEx
TypesQueryTiMinEx
TypesSupportQueryTiForUDT
TypesfIs16bitTypePool

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/mspdbcore.dll
.dll windows:6 windows x64 arch:x64

2deb4e8f75689f3eb0260da913b01cc2

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:a5:d9:55:4b:78:f3:c1:7f:e9:17:46:49:7a:66:c3:0e:f1:3e:f8:d6:d1:32:5d:57:02:92:1c:e3:fe:31:de
Signer

Actual PE Digest

c9:a5:d9:55:4b:78:f3:c1:7f:e9:17:46:49:7a:66:c3:0e:f1:3e:f8:d6:d1:32:5d:57:02:92:1c:e3:fe:31:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\mspdbcore.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptReleaseContext

kernel32

SetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetFullPathNameW
ExpandEnvironmentStringsW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetLastError
WideCharToMultiByte
LCMapStringW
VirtualFree
VirtualAlloc
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
GetFileType
GetConsoleMode
CreateMutexW
CloseHandle
CreateEventW
SetEvent
WaitForSingleObject
CreateFileW
GetFileSize
CreateFileMappingW
UnmapViewOfFile
GetFileAttributesW
SetFileAttributesW
GetSystemTimeAsFileTime
CreateThread
CreateWaitableTimerW
SetWaitableTimer
ResetEvent
TerminateThread
CreateFileMappingA
MapViewOfFileEx
SignalObjectAndWait
GetCurrentThreadId
ReleaseMutex
GetSystemTime
SystemTimeToFileTime
SetFilePointer
ReadFile
GetFileAttributesExW
GetFileInformationByHandle
GetFileSizeEx
GetCurrentProcessId
GetFileInformationByHandleEx
WriteFile
DeviceIoControl
SetEndOfFile
DeleteFileW
SetFilePointerEx
GetSystemInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetModuleHandleW
QueryPerformanceCounter
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
RaiseException
VirtualProtect
VirtualQuery
LoadLibraryExA

vcruntime140

__std_exception_copy
_purecall
strchr
wcsstr
wcsrchr
__std_exception_destroy
memmove
wcschr
strstr
__C_specific_handler
__unDName
strrchr
memcmp
__std_type_info_destroy_list
memcpy
memset
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

calloc
_aligned_malloc
_aligned_free
free
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

strcmp
strcat_s
strlen
_memicmp_l
strncmp
strcpy_s
strncpy_s
wcsncpy_s
wcsncat_s
_stricmp
_wcsicmp
wcsncmp
iswascii
strnlen
iswxdigit
isxdigit
towupper
iswdigit
_wcsdup
_wcsnicmp
wcscat_s
wcscpy_s
toupper
isdigit
_strnicmp

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_wfullpath
_wmakepath_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
ftell
fseek
__stdio_common_vfprintf
__acrt_iob_func
fread
__stdio_common_vswscanf
fflush
fclose
_wfsopen
__stdio_common_vfwprintf
_get_osfhandle
_fileno
__stdio_common_vsprintf_s
fwrite
__stdio_common_vswprintf_s

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-locale-l1-1-0

_create_locale

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp
_mbscmp

api-ms-win-crt-conio-l1-1-0

__conio_common_vcwprintf

api-ms-win-crt-time-l1-1-0

_time64
_wutime64

api-ms-win-crt-convert-l1-1-0

_ultoa_s
strtoul
_ultow_s
wcstoul

msvcp140_atomic_wait

__std_submit_threadpool_work
__std_close_threadpool_work
__std_create_threadpool_work
__std_bulk_submit_threadpool_work
__std_parallel_algorithms_hw_threads
__std_wait_for_threadpool_work_callbacks

msvcp140

_Mtx_init_in_situ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_destroy_in_situ

tbbmalloc

scalable_free
scalable_malloc

rpcrt4

UuidCreate

Exports

Exports

??0ConstTypeTiIter@@QEAA@PEBUTYPTYPE@@@Z
??0SymTiIter@@QEAA@PEAUSYMTYPE@@@Z
??0TypeTiIter@@QEAA@PEAUTYPTYPE@@@Z
?CloseAllTimeoutPDB@PDB@@SAHXZ
?ExportValidateImplementation@PDB@@SAHK@Z
?ExportValidateInterface@PDB@@SAHK@Z
?FCreateSrcHash@SrcHash@@SA_NAEAPEAU1@W4HID@1@@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEAUMreToPdb@@HH@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEAUPDB@@PEAUNameMap@@HH@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEBDAEAJQEADHH@Z
?FOpenW@MREngine@@SAHPEAPEAU1@PEBGAEAJPEAG_KHH@Z
?Open2W@PDB@@SAHPEBGPEBDPEAJPEAG_KPEAPEAU1@@Z
?OpenEx2W@PDB@@SAHPEBGPEBDJPEAJPEAG_KPEAPEAU1@@Z
?OpenInStream@PDB@@SAHPEAUIStream@@PEBDPEAJPEAG_KPEAPEAU1@@Z
?OpenNgenPdb@PDB@@SAHPEBG0PEAJPEAG_KPEAPEAU1@@Z
?OpenValidate4@PDB@@SAHPEBGPEBDPEBU_GUID@@KKPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate5@PDB@@SAHPEBG0PEAXP6AP6AHXZ1W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate6@PDB@@SAHPEBG0PEBDPEAXP6AP6AHXZ2W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate7@PDB@@SAHPEBG0PEBDHPEAXP6AP6AHXZ2W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?QueryImplementationVersionStatic@PDB@@SAKXZ
?QueryInterfaceVersionStatic@PDB@@SAKXZ
?RPC@PDB@@SAHXZ
?SetErrorHandlerAPI@PDB@@SAHP6APEAUIPDBError@@PEAU1@@Z@Z
?SetPDBCloseTimeout@PDB@@SAH_K@Z
?SetServerFastFailMode@PDB@@SAHXZ
?ShutDownTimeoutManager@PDB@@SAHXZ
?fConvertSymRecStToSz@@YAHPEAEJ0PEAJ@Z
?fConvertSymRecStToSz@@YAHPEAUSYMTYPE@@0@Z
?fConvertSymRecStToSzInPlace@@YAHPEAEJ@Z
?fConvertSymRecStToSzWithSig@@YAHPEAEJ0PEAJ@Z
?fConvertTypeRecStToSz@@YAHPEAUTYPTYPE@@@Z
?fConvertTypeRecsStToSz@@YAHPEAE0PEAJ@Z
?fCreate@WidenTi@@SAHAEAPEAU1@IH@Z
?fGetSymName@@YAHPEAUSYMTYPE@@PEAPEAD@Z
?fGetSymName@@YAHPEBUSYMTYPE@@PEAPEBD@Z
?fGetSymRecTypName@@YAHPEAUSYMTYPE@@PEAPEAD@Z
?fGetSymRecTypName@@YAHPEBUSYMTYPE@@PEAPEBD@Z
?fNameFromSym@@YA_NPEAUSYMTYPE@@PEAGPEAK@Z
?fNameFromSym@@YA_NPEBUSYMTYPE@@PEAGPEAK@Z
?fNameFromType@@YA_NPEAUTYPTYPE@@PEAGPEAK@Z
?fNameFromType@@YA_NPEBUTYPTYPE@@PEAGPEAK@Z
?next@ConstTypeTiIter@@QEAAHXZ
?next@SymTiIter@@QEAAHXZ
?next@TypeTiIter@@QEAAHXZ
?nextField@ConstTypeTiIter@@QEAAHXZ
?nextField@TypeTiIter@@QEAAHXZ
?open@Bsc@@SAHPEADPEAPEAU1@@Z
?open@Bsc@@SAHPEAUPDB@@PEAPEAU1@@Z
?open@NameMap@@SAHPEAUPDB@@HPEAPEAU1@@Z
?open@StreamImage@@SAHPEAUStream@@JPEAPEAU1@@Z
?openW@Bsc@@SAHPEBGPEAPEAU1@@Z
?pbEndRecordSansPad@ConstTypeTiIter@@QEBAPEBEXZ
?pbEndRecordSansPad@TypeTiIter@@QEAAPEAEXZ
DBIAddLinkInfo
DBIAddLinkInfoW
DBIAddPublic
DBIAddPublic2
DBIAddSec
DBIAddThunkMap
DBIClearSegmentMap
DBIClose
DBIDeleteMod
DBIDumpMods
DBIDumpSecContribs
DBIDumpSecMap
DBIDumpTMCache
DBIFAddSourceMappingItem
DBIFSetPfnDumpTMCache
DBIFSetPfnNotePdbUsed
DBIFSetPfnNoteTypeMismatch
DBIFSetPfnTmdTypeFilter
DBIFStripped
DBIFindTypeServers
DBIGetEnumContrib
DBIGetEnumContrib2
DBIOpenDbg
DBIOpenGlobals
DBIOpenMod
DBIOpenModW
DBIOpenPublics
DBIQueryDbgHeader
DBIQueryDbgTypes
DBIQueryFileInfo
DBIQueryImplementationVersion
DBIQueryInterfaceVersion
DBIQueryItsmForTi
DBIQueryLazyTypes
DBIQueryLinkInfo
DBIQueryModFromAddr
DBIQueryModFromAddr2
DBIQueryNextItsm
DBIQueryNextMod
DBIQuerySecMap
DBIQuerySupportsEC
DBIQueryTypeServer
DBIRemoveDataForRva
DBIRemovePublic
DBISetLazyTypes
DBISetMachineType
DBIUpdateGlobalDataAddr
DbgAppend
DbgClear
DbgClose
DbgFind
DbgQueryNext
DbgQuerySize
DbgReplaceNext
DbgReset
DbgSkip
EnumContribGet
EnumContribGetCrcs
EnumContribNext
EnumContribRelease
EnumContribReset
GSIClose
GSIHashSym
GSINearestSym
GSINextSym
GSIOffForSym
GSISymForOff
MREBagFAddDep
MREBagFClose
MRECmpClassIsBoring
MRECmpFCloseCompiland
MRECmpFOpenCompiland
MRECmpFPushFile
MRECmpPmrefilePopFile
MREDrvFFilesOutOfDate
MREDrvFRefreshFileSysInfo
MREDrvFRelease
MREDrvFSuccessfulCompile
MREDrvFUpdateTargetFile
MREDrvOneTimeInit
MREDrvYnmFileOutOfDate
MREFClose
MREFDelete
MREFOpen
MREFOpenByName
MREFOpenEx
MREFOpenW
MREFileFOpenBag
MREQueryMreCmp
MREQueryMreDrv
MREQueryMreUtil
MSFOpenExW
MSFOpenW
ModAddCoffTypeSectionChecksum
ModAddLines
ModAddLinesW
ModAddPublic
ModAddPublic2
ModAddSecContrib
ModAddSecContribEx
ModAddSymbols
ModAddSymbols2
ModAddTypes
ModClose
ModGetEnumILLines
ModGetLastErrorCode
ModGetPvClient
ModIsTypeServed
ModMergeTypes
ModQueryCBFile
ModQueryCBName
ModQueryCVRecordForTi
ModQueryCoffSymRVAs
ModQueryCrossScopeExports
ModQueryCrossScopeImports
ModQueryDBI
ModQueryFile
ModQueryFirstCodeSecContrib
ModQueryFuncMDTokenMap
ModQueryIDs
ModQueryILLineFlags
ModQueryILLines
ModQueryImod
ModQueryImplementationVersion
ModQueryInlineeLines
ModQueryInlineeMDTokenMap
ModQueryInterfaceVersion
ModQueryLines
ModQueryLines2
ModQueryMergedAssemblyInput
ModQueryName
ModQueryPbCVRecordForTi
ModQueryPdbFile
ModQuerySecContrib
ModQuerySrcFile
ModQuerySrcLineForUDT
ModQuerySupportsEC
ModQuerySymbols
ModQueryTiForUDT
ModQueryTpi
ModQueryTypeMDTokenMap
ModQueryTypes
ModRemoveGlobalRefs
ModReplaceLines
ModSetPvClient
ModTranslateFileId
NameMapOpen
PDBClose
PDBCommit
PDBCopyTo
PDBCopyToW
PDBCopyToW2
PDBCreateDBI
PDBEnablePrefetching
PDBExportValidateImplementation
PDBExportValidateInterface
PDBFLazy
PDBFMinimal
PDBFPortablePDB
PDBFRepro
PDBIsSZPDB
PDBOpen2W
PDBOpenDBI
PDBOpenDBIEx
PDBOpenEx2W
PDBOpenIpi
PDBOpenNgenPdb
PDBOpenStream
PDBOpenStreamEx
PDBOpenTpi
PDBOpenValidate4
PDBOpenValidate5
PDBOpenValidate6
PDBOpenValidate7
PDBQueryAge
PDBQueryImplementationVersion
PDBQueryImplementationVersionStatic
PDBQueryInterfaceVersion
PDBQueryInterfaceVersionStatic
PDBQueryLastError
PDBQueryLastErrorExW
PDBQueryPDBName
PDBQueryPDBNameExW
PDBQuerySignature
PDBQuerySignature2
PDBRPC
PDBRPC_PDB_UpdateSignature
PDBRegisterPDBMapping
PDBResetGUID
PDBSetServerFastFailMode
SigForPbCb
StreamAppend
StreamDelete
StreamImageBase
StreamImageNoteRead
StreamImageNoteWrite
StreamImageOpen
StreamImageRelease
StreamImageSize
StreamImageWriteBack
StreamQueryCb
StreamRead
StreamRelease
StreamReplace
StreamTruncate
StreamWrite
SzCanonFilename
TruncStFromSz
TypesAreTypesEqual
TypesClose
TypesCommit
TypesIsTypeServed
TypesQueryCVRecordForTiEx
TypesQueryCb
TypesQueryImplementationVersion
TypesQueryInterfaceVersion
TypesQueryPbCVRecordForTiEx
TypesQueryTIsForCVRecords
TypesQueryTiForCVRecordEx
TypesQueryTiForUDTEx
TypesQueryTiMacEx
TypesQueryTiMinEx
TypesSupportQueryTiForUDT
TypesfIs16bitTypePool

Sections

.text
Size: 577KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 128.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/mspdbst.dll
.dll windows:6 windows x64 arch:x64

8a29b973361e3b3677b9285dbf671cda

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:f9:cb:84:b9:49:2f:f5:1c:81:9e:9d:a4:0e:63:af:0e:a0:59:fe:29:7c:84:83:64:d9:6e:4a:41:10:dc:b4
Signer

Actual PE Digest

74:f9:cb:84:b9:49:2f:f5:1c:81:9e:9d:a4:0e:63:af:0e:a0:59:fe:29:7c:84:83:64:d9:6e:4a:41:10:dc:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\mspdbst.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptReleaseContext

kernel32

SetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetFullPathNameW
ExpandEnvironmentStringsW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetLastError
WideCharToMultiByte
LCMapStringW
VirtualFree
VirtualAlloc
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
GetFileType
GetConsoleMode
CreateFileW
GetFileSize
CreateFileMappingW
CloseHandle
UnmapViewOfFile
GetFileAttributesW
SetFileAttributesW
CreateFileMappingA
MapViewOfFileEx
GetSystemTimeAsFileTime
GetSystemTime
SystemTimeToFileTime
SetFilePointer
ReadFile
GetFileAttributesExW
GetFileInformationByHandle
GetFileSizeEx
GetCurrentProcessId
WriteFile
DeviceIoControl
SetEndOfFile
DeleteFileW
SetFilePointerEx
GetSystemInfo
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
DisableThreadLibraryCalls
InitializeSListHead
LoadLibraryExA
VirtualQuery
VirtualProtect
RaiseException

vcruntime140

wcsrchr
strchr
wcsstr
__std_exception_destroy
wcschr
__std_exception_copy
strstr
__C_specific_handler
__unDName
strrchr
memmove
memcmp
__std_type_info_destroy_list
memset
_CxxThrowException
_purecall
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_aligned_malloc
free
_aligned_free
_callnewh

api-ms-win-crt-string-l1-1-0

strcmp
toupper
wcsncpy_s
_strnicmp
wcsncat_s
strcat_s
_wcsicmp
strlen
_memicmp_l
iswdigit
towupper
isdigit
iswascii
strnlen
strncpy_s
isxdigit
strcpy_s
iswxdigit
_wcsdup
_wcsnicmp
wcscat_s
wcscpy_s
wcsncmp
strncmp
_stricmp

api-ms-win-crt-filesystem-l1-1-0

_wfullpath
_wmakepath_s
_wsplitpath_s

api-ms-win-crt-stdio-l1-1-0

_fileno
ftell
fread
fclose
__stdio_common_vsnwprintf_s
_get_osfhandle
__acrt_iob_func
__stdio_common_vfprintf
fflush
__stdio_common_vsprintf_s
_wfsopen
__stdio_common_vfwprintf
fwrite
__stdio_common_vswscanf
fseek
__stdio_common_vswprintf_s

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-locale-l1-1-0

_create_locale

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp
_mbscmp

api-ms-win-crt-conio-l1-1-0

__conio_common_vcwprintf

api-ms-win-crt-time-l1-1-0

_wutime64
_time64

api-ms-win-crt-convert-l1-1-0

strtoul
_ultoa_s
wcstoul
_ultow_s

msvcp140_atomic_wait

__std_bulk_submit_threadpool_work
__std_submit_threadpool_work
__std_create_threadpool_work
__std_wait_for_threadpool_work_callbacks
__std_parallel_algorithms_hw_threads
__std_close_threadpool_work

msvcp140

_Mtx_init_in_situ
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock

tbbmalloc

scalable_malloc
scalable_free

rpcrt4

UuidCreate

Exports

Exports

??0ConstTypeTiIter@@QEAA@PEBUTYPTYPE@@@Z
??0SymTiIter@@QEAA@PEAUSYMTYPE@@@Z
??0TypeTiIter@@QEAA@PEAUTYPTYPE@@@Z
?CloseAllTimeoutPDB@PDB@@SAHXZ
?ExportValidateImplementation@PDB@@SAHK@Z
?ExportValidateInterface@PDB@@SAHK@Z
?FCreateSrcHash@SrcHash@@SA_NAEAPEAU1@W4HID@1@@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEAUMreToPdb@@HH@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEAUPDB@@PEAUNameMap@@HH@Z
?FOpen@MREngine@@SAHPEAPEAU1@PEBDAEAJQEADHH@Z
?FOpenW@MREngine@@SAHPEAPEAU1@PEBGAEAJPEAG_KHH@Z
?Open2W@PDB@@SAHPEBGPEBDPEAJPEAG_KPEAPEAU1@@Z
?OpenEx2W@PDB@@SAHPEBGPEBDJPEAJPEAG_KPEAPEAU1@@Z
?OpenInStream@PDB@@SAHPEAUIStream@@PEBDPEAJPEAG_KPEAPEAU1@@Z
?OpenNgenPdb@PDB@@SAHPEBG0PEAJPEAG_KPEAPEAU1@@Z
?OpenValidate4@PDB@@SAHPEBGPEBDPEBU_GUID@@KKPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate5@PDB@@SAHPEBG0PEAXP6AP6AHXZ1W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate6@PDB@@SAHPEBG0PEBDPEAXP6AP6AHXZ2W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?OpenValidate7@PDB@@SAHPEBG0PEBDHPEAXP6AP6AHXZ2W4POVC@@@ZPEAJPEAG_KPEAPEAU1@@Z
?QueryImplementationVersionStatic@PDB@@SAKXZ
?QueryInterfaceVersionStatic@PDB@@SAKXZ
?RPC@PDB@@SAHXZ
?SetErrorHandlerAPI@PDB@@SAHP6APEAUIPDBError@@PEAU1@@Z@Z
?SetPDBCloseTimeout@PDB@@SAH_K@Z
?SetServerFastFailMode@PDB@@SAHXZ
?ShutDownTimeoutManager@PDB@@SAHXZ
?fConvertSymRecStToSz@@YAHPEAEJ0PEAJ@Z
?fConvertSymRecStToSz@@YAHPEAUSYMTYPE@@0@Z
?fConvertSymRecStToSzInPlace@@YAHPEAEJ@Z
?fConvertSymRecStToSzWithSig@@YAHPEAEJ0PEAJ@Z
?fConvertTypeRecStToSz@@YAHPEAUTYPTYPE@@@Z
?fConvertTypeRecsStToSz@@YAHPEAE0PEAJ@Z
?fCreate@WidenTi@@SAHAEAPEAU1@IH@Z
?fGetSymName@@YAHPEAUSYMTYPE@@PEAPEAD@Z
?fGetSymName@@YAHPEBUSYMTYPE@@PEAPEBD@Z
?fGetSymRecTypName@@YAHPEAUSYMTYPE@@PEAPEAD@Z
?fGetSymRecTypName@@YAHPEBUSYMTYPE@@PEAPEBD@Z
?fNameFromSym@@YA_NPEAUSYMTYPE@@PEAGPEAK@Z
?fNameFromSym@@YA_NPEBUSYMTYPE@@PEAGPEAK@Z
?fNameFromType@@YA_NPEAUTYPTYPE@@PEAGPEAK@Z
?fNameFromType@@YA_NPEBUTYPTYPE@@PEAGPEAK@Z
?next@ConstTypeTiIter@@QEAAHXZ
?next@SymTiIter@@QEAAHXZ
?next@TypeTiIter@@QEAAHXZ
?nextField@ConstTypeTiIter@@QEAAHXZ
?nextField@TypeTiIter@@QEAAHXZ
?open@Bsc@@SAHPEADPEAPEAU1@@Z
?open@Bsc@@SAHPEAUPDB@@PEAPEAU1@@Z
?open@NameMap@@SAHPEAUPDB@@HPEAPEAU1@@Z
?open@StreamImage@@SAHPEAUStream@@JPEAPEAU1@@Z
?openW@Bsc@@SAHPEBGPEAPEAU1@@Z
?pbEndRecordSansPad@ConstTypeTiIter@@QEBAPEBEXZ
?pbEndRecordSansPad@TypeTiIter@@QEAAPEAEXZ
DBIAddLinkInfo
DBIAddLinkInfoW
DBIAddPublic
DBIAddPublic2
DBIAddSec
DBIAddThunkMap
DBIClearSegmentMap
DBIClose
DBIDeleteMod
DBIDumpMods
DBIDumpSecContribs
DBIDumpSecMap
DBIDumpTMCache
DBIFAddSourceMappingItem
DBIFSetPfnDumpTMCache
DBIFSetPfnNotePdbUsed
DBIFSetPfnNoteTypeMismatch
DBIFSetPfnTmdTypeFilter
DBIFStripped
DBIFindTypeServers
DBIGetEnumContrib
DBIGetEnumContrib2
DBIOpenDbg
DBIOpenGlobals
DBIOpenMod
DBIOpenModW
DBIOpenPublics
DBIQueryDbgHeader
DBIQueryDbgTypes
DBIQueryFileInfo
DBIQueryImplementationVersion
DBIQueryInterfaceVersion
DBIQueryItsmForTi
DBIQueryLazyTypes
DBIQueryLinkInfo
DBIQueryModFromAddr
DBIQueryModFromAddr2
DBIQueryNextItsm
DBIQueryNextMod
DBIQuerySecMap
DBIQuerySupportsEC
DBIQueryTypeServer
DBIRemoveDataForRva
DBIRemovePublic
DBISetLazyTypes
DBISetMachineType
DBIUpdateGlobalDataAddr
DbgAppend
DbgClear
DbgClose
DbgFind
DbgQueryNext
DbgQuerySize
DbgReplaceNext
DbgReset
DbgSkip
EnumContribGet
EnumContribGetCrcs
EnumContribNext
EnumContribRelease
EnumContribReset
GSIClose
GSIHashSym
GSINearestSym
GSINextSym
GSIOffForSym
GSISymForOff
MREBagFAddDep
MREBagFClose
MRECmpClassIsBoring
MRECmpFCloseCompiland
MRECmpFOpenCompiland
MRECmpFPushFile
MRECmpPmrefilePopFile
MREDrvFFilesOutOfDate
MREDrvFRefreshFileSysInfo
MREDrvFRelease
MREDrvFSuccessfulCompile
MREDrvFUpdateTargetFile
MREDrvOneTimeInit
MREDrvYnmFileOutOfDate
MREFClose
MREFDelete
MREFOpen
MREFOpenByName
MREFOpenEx
MREFOpenW
MREFileFOpenBag
MREQueryMreCmp
MREQueryMreDrv
MREQueryMreUtil
MSFOpenExW
MSFOpenW
ModAddCoffTypeSectionChecksum
ModAddLines
ModAddLinesW
ModAddPublic
ModAddPublic2
ModAddSecContrib
ModAddSecContribEx
ModAddSymbols
ModAddSymbols2
ModAddTypes
ModClose
ModGetEnumILLines
ModGetLastErrorCode
ModGetPvClient
ModIsTypeServed
ModMergeTypes
ModQueryCBFile
ModQueryCBName
ModQueryCVRecordForTi
ModQueryCoffSymRVAs
ModQueryCrossScopeExports
ModQueryCrossScopeImports
ModQueryDBI
ModQueryFile
ModQueryFirstCodeSecContrib
ModQueryFuncMDTokenMap
ModQueryIDs
ModQueryILLineFlags
ModQueryILLines
ModQueryImod
ModQueryImplementationVersion
ModQueryInlineeLines
ModQueryInlineeMDTokenMap
ModQueryInterfaceVersion
ModQueryLines
ModQueryLines2
ModQueryMergedAssemblyInput
ModQueryName
ModQueryPbCVRecordForTi
ModQueryPdbFile
ModQuerySecContrib
ModQuerySrcFile
ModQuerySrcLineForUDT
ModQuerySupportsEC
ModQuerySymbols
ModQueryTiForUDT
ModQueryTpi
ModQueryTypeMDTokenMap
ModQueryTypes
ModRemoveGlobalRefs
ModReplaceLines
ModSetPvClient
ModTranslateFileId
NameMapOpen
PDBClose
PDBCommit
PDBCopyTo
PDBCopyToW
PDBCopyToW2
PDBCreateDBI
PDBEnablePrefetching
PDBExportValidateImplementation
PDBExportValidateInterface
PDBFLazy
PDBFMinimal
PDBFPortablePDB
PDBFRepro
PDBIsSZPDB
PDBOpen2W
PDBOpenDBI
PDBOpenDBIEx
PDBOpenEx2W
PDBOpenIpi
PDBOpenNgenPdb
PDBOpenStream
PDBOpenStreamEx
PDBOpenTpi
PDBOpenValidate4
PDBOpenValidate5
PDBOpenValidate6
PDBOpenValidate7
PDBQueryAge
PDBQueryImplementationVersion
PDBQueryImplementationVersionStatic
PDBQueryInterfaceVersion
PDBQueryInterfaceVersionStatic
PDBQueryLastError
PDBQueryLastErrorExW
PDBQueryPDBName
PDBQueryPDBNameExW
PDBQuerySignature
PDBQuerySignature2
PDBRPC
PDBRPC_PDB_UpdateSignature
PDBRegisterPDBMapping
PDBResetGUID
PDBSetServerFastFailMode
SigForPbCb
StreamAppend
StreamDelete
StreamImageBase
StreamImageNoteRead
StreamImageNoteWrite
StreamImageOpen
StreamImageRelease
StreamImageSize
StreamImageWriteBack
StreamQueryCb
StreamRead
StreamRelease
StreamReplace
StreamTruncate
StreamWrite
SzCanonFilename
TruncStFromSz
TypesAreTypesEqual
TypesClose
TypesCommit
TypesIsTypeServed
TypesQueryCVRecordForTiEx
TypesQueryCb
TypesQueryImplementationVersion
TypesQueryInterfaceVersion
TypesQueryPbCVRecordForTiEx
TypesQueryTIsForCVRecords
TypesQueryTiForCVRecordEx
TypesQueryTiForUDTEx
TypesQueryTiMacEx
TypesQueryTiMinEx
TypesSupportQueryTiForUDT
TypesfIs16bitTypePool

Sections

.text
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 128.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/mspft140.dll
.dll regsvr32 windows:6 windows x64 arch:x64

8045e381960e3c61889e1049bf375ef3

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:06:f7:a9:b8:ed:7d:c2:78:e3:9f:70:0f:f2:86:ec:c8:f1:10:0a:e8:b6:c2:ca:ac:92:0a:27:f9:c5:ea:cc
Signer

Actual PE Digest

18:06:f7:a9:b8:ed:7d:c2:78:e3:9f:70:0f:f2:86:ec:c8:f1:10:0a:e8:b6:c2:ca:ac:92:0a:27:f9:c5:ea:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\mspft140.pdb

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

kernel32

FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
RaiseException
GetLastError
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
FormatMessageA
GetTickCount64
FindNextFileW
GetUserDefaultUILanguage
HeapFree
GetProcessHeap
HeapAlloc
GetEnvironmentVariableW
LocalFree
FormatMessageW
LocalAlloc
FindClose
FindFirstFileW
LockResource
GetTempFileNameW
DeleteFileW
LoadLibraryW
WideCharToMultiByte
AreFileApisANSI
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
OutputDebugStringW
GetFullPathNameW
CopyFileW
CloseHandle

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memmove
memset
_purecall
__current_exception_context
__current_exception
__C_specific_handler
wcsstr
__std_terminate
strchr
wcsrchr
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
__std_exception_copy
memcmp
wcschr

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initterm_e
terminate
_initterm
_errno
_invalid_parameter_noinfo
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv

api-ms-win-crt-string-l1-1-0

towupper
wcsncat_s
wcsncpy_s
strncmp
strtok_s
_wcsnicmp
_wcsupr_s
iswdigit
iswgraph
iswspace
iswalpha
wcsncmp
_wcsdup
_wcslwr_s
_wcsicmp
iswalnum
wcscpy_s
wcscmp

api-ms-win-crt-heap-l1-1-0

realloc
calloc
free
malloc
_recalloc
_callnewh

user32

CharNextW
CharLowerW
CharUpperW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoFreeLibrary
CoLoadLibrary
StringFromCLSID
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
GetErrorInfo
SetErrorInfo
SysReAllocStringLen
VarFormatNumber
SysAllocStringLen
VariantChangeType
SysStringLen
SysAllocString
VariantInit
SysStringByteLen
VariantClear
SysAllocStringByteLen
VariantCopy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vfwprintf
__stdio_common_vswprintf_s
fflush
__stdio_common_vsprintf
_wfopen_s
__stdio_common_vswprintf_p
_wfsopen
fread
__stdio_common_vsnwprintf_s
fclose
fwrite
__acrt_iob_func
__stdio_common_vswscanf

api-ms-win-crt-convert-l1-1-0

_i64tow_s
_wcstoi64
wcstoul
wcstol
_itow_s
_wtoi
strtol
_ltow_s
atoi

api-ms-win-crt-environment-l1-1-0

_wdupenv_s
_dupenv_s

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@G@std@@2V0locale@2@A
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
_Wcscoll
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

SHCreateStreamOnFileW
ord12

xmllite

CreateXmlWriter
CreateXmlReader

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/msvcdis140.dll
.dll windows:6 windows x64 arch:x64

85a14b244ae27395ba5e8716f5fc1746

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:18:5d:1d:9b:a5:7a:23:f9:2b:77:dc:e9:2a:53:1b:c8:22:f0:35:d6:b3:2b:38:f6:2f:bd:0a:b7:56:d9:0a
Signer

Actual PE Digest

0d:18:5d:1d:9b:a5:7a:23:f9:2b:77:dc:e9:2a:53:1b:c8:22:f0:35:d6:b3:2b:38:f6:2f:bd:0a:b7:56:d9:0a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\msvcdis140.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateFileW
WriteConsoleW

Exports

Exports

?Addr@DIS@@QEBA_KXZ
?CchFormatAddr@DIS@@QEBA_K_KPEA_W0@Z
?CchFormatInstr@DIS@@QEBA_KPEA_W_K@Z
?Dist@DIS@@QEBA?AW4DIST@1@XZ
?PdisNew@DIS@@SAPEAV1@W4DIST@1@@Z
?PdisNew@DISARM64@@SAPEAVDIS@@W4DIST@2@@Z
?PdisNew@DISARM@@SAPEAVDIS@@W4DIST@2@@Z
?PdisNew@DISX86@@SAPEAVDIS@@W4DIST@2@@Z
?PfncchaddrSet@DIS@@QEAAP6A_KPEBV1@_KPEA_W1PEA_K@ZP6A_K01213@Z@Z
?PfncchfixupSet@DIS@@QEAAP6A_KPEBV1@_K1PEA_W1PEA_K@ZP6A_K011213@Z@Z
?PfncchregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@PEA_W_K@ZP6A_K0123@Z@Z
?PfncchregrelSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@KPEA_W_KPEAK@ZP6A_K01K234@Z@Z
?PfndwgetregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@@ZP6A_K01@Z@Z
?PvClient@DIS@@QEBAPEAXXZ
?PvClientSet@DIS@@QEAAPEAXPEAX@Z
?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@PEA_W_K@Z
?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@XZ
?SetAddr64@DIS@@QEAAX_N@Z

Sections

.text
Size: 603KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/msvcp140.dll
.dll windows:6 windows x64 arch:x64

2ba11fd5a511c8a409e705e9ab6b5dc1

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:ba:40:3b:5c:2b:15:53:b7:2c:46:68:45:5a:4a:18:e3:30:d9:d9:2b:de:f8:4e:1a:97:fc:77:ef:b3:f6:b3
Signer

Actual PE Digest

87:ba:40:3b:5c:2b:15:53:b7:2c:46:68:45:5a:4a:18:e3:30:d9:d9:2b:de:f8:4e:1a:97:fc:77:ef:b3:f6:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb

Imports

vcruntime140

__current_exception_context
__C_specific_handler
memcmp
__uncaught_exceptions
__uncaught_exception
memchr
memmove
__std_terminate
_purecall
memset
memcpy
_CxxThrowException
__AdjustPointer
__current_exception
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
abort
_initterm_e
_initialize_narrow_environment
_execute_onexit_table
_endthreadex
_beginthreadex
terminate
_set_new_handler
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initterm
_crt_atexit
_cexit
_errno

api-ms-win-crt-string-l1-1-0

isdigit
isspace
isxdigit
iswxdigit
__strncnt
wcsnlen
iswspace
isupper
wcscpy_s
iswalnum
iswdigit
isalnum
islower
_wcsdup
tolower
strcspn

api-ms-win-crt-locale-l1-1-0

_lock_locales
__pctype_func
___lc_locale_name_func
setlocale
___lc_codepage_func
___mb_cur_max_func
___lc_collate_cp_func
_unlock_locales
localeconv

api-ms-win-crt-stdio-l1-1-0

fputs
fgetwc
fseek
_fsopen
_wfsopen
fputwc
ungetwc
__stdio_common_vsprintf_s
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wrmdir
_wrename
_wchdir
_wremove

api-ms-win-crt-time-l1-1-0

_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_W_Gettnames
_Wcsftime
_Getdays
_Strftime

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

pow
powf
ldexp
frexp
logf
log

api-ms-win-crt-convert-l1-1-0

btowc
strtod
strtof

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

SubmitThreadpoolWork
RaiseException
CompareStringEx
MultiByteToWideChar
GetCPInfo
InitializeSListHead
WideCharToMultiByte
LCMapStringEx
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileInformationByHandleEx
GetProcAddress
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SetFileInformationByHandle
InitOnceExecuteOnce
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleExW
CloseThreadpoolWork
RtlPcToFileHeader
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
SwitchToThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
FormatMessageA
LocalFree
DecodePointer
EncodePointer
CreateSymbolicLinkW
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
AreFileApisANSI
GetTempPathW
SetFileTime
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/msvcp140_1.dll
.dll windows:6 windows x64 arch:x64

c1687527a3d5b7532fa653f66eba12e1

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:d2:62:ff:e3:38:3b:ae:8f:5e:43:8d:98:b1:fc:09:3e:ae:48:b5:c4:9c:89:c0:5f:48:a1:e6:6d:1b:83:79
Signer

Actual PE Digest

6c:d2:62:ff:e3:38:3b:ae:8f:5e:43:8d:98:b1:fc:09:3e:ae:48:b5:c4:9c:89:c0:5f:48:a1:e6:6d:1b:83:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb

Imports

msvcp140

?_Xbad_alloc@std@@YAXXZ

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
__C_specific_handler
memset

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_aligned_free
_aligned_malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_execute_onexit_table

kernel32

RtlLookupFunctionEntry
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
DisableThreadLibraryCalls
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

_Aligned_get_default_resource
_Aligned_new_delete_resource
_Aligned_set_default_resource
_Unaligned_get_default_resource
_Unaligned_new_delete_resource
_Unaligned_set_default_resource
null_memory_resource

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/msvcp140_2.dll
.dll windows:6 windows x64 arch:x64

2f8a18fefaba28c3707dae8605d51b60

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:6c:73:f4:12:03:c5:7d:c2:d3:76:48:2a:61:41:70:38:b1:a4:7e:31:00:ce:a4:ed:19:c4:63:84:05:13:1b
Signer

Actual PE Digest

d4:6c:73:f4:12:03:c5:7d:c2:d3:76:48:2a:61:41:70:38:b1:a4:7e:31:00:ce:a4:ed:19:c4:63:84:05:13:1b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb

Imports

msvcp140

?widen@?$ctype@D@std@@QEBAPEBDPEBD0PEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?clear@ios_base@std@@QEAAXH_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1ios_base@std@@UEAA@XZ
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?widen@?$ctype@D@std@@QEBADD@Z
?_Init@ios_base@std@@IEAAXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0ios_base@std@@IEAA@XZ
??0_Lockit@std@@QEAA@H@Z

vcruntime140

memchr
memcmp
memcpy
memmove
memset
__C_specific_handler
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_errno
_execute_onexit_table
_initterm
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

sqrtf
tan
sin
pow
log
expm1
sqrt
ldexp
log1p
fmod
floor
cos
exp
frexp
cosh
sinh
atan
ceil

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
malloc
free

api-ms-win-crt-string-l1-1-0

strcspn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-locale-l1-1-0

localeconv

kernel32

DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent

Exports

Exports

__std_smf_assoc_laguerre
__std_smf_assoc_laguerref
__std_smf_assoc_legendre
__std_smf_assoc_legendref
__std_smf_beta
__std_smf_betaf
__std_smf_comp_ellint_1
__std_smf_comp_ellint_1f
__std_smf_comp_ellint_2
__std_smf_comp_ellint_2f
__std_smf_comp_ellint_3
__std_smf_comp_ellint_3f
__std_smf_cyl_bessel_i
__std_smf_cyl_bessel_if
__std_smf_cyl_bessel_j
__std_smf_cyl_bessel_jf
__std_smf_cyl_bessel_k
__std_smf_cyl_bessel_kf
__std_smf_cyl_neumann
__std_smf_cyl_neumannf
__std_smf_ellint_1
__std_smf_ellint_1f
__std_smf_ellint_2
__std_smf_ellint_2f
__std_smf_ellint_3
__std_smf_ellint_3f
__std_smf_expint
__std_smf_expintf
__std_smf_hermite
__std_smf_hermitef
__std_smf_hypot3
__std_smf_hypot3f
__std_smf_laguerre
__std_smf_laguerref
__std_smf_legendre
__std_smf_legendref
__std_smf_riemann_zeta
__std_smf_riemann_zetaf
__std_smf_sph_bessel
__std_smf_sph_besself
__std_smf_sph_legendre
__std_smf_sph_legendref
__std_smf_sph_neumann
__std_smf_sph_neumannf

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/msvcp140_atomic_wait.dll
.dll windows:6 windows x64 arch:x64

c1dfd2e42294117ca33d3c6b21826f93

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:39:00:65:b1:7e:0d:6a:12:0b:a3:de:9a:7c:0b:06:50:bd:ad:01:da:e3:aa:40:5e:11:12:c5:36:3b:04:9a
Signer

Actual PE Digest

05:39:00:65:b1:7e:0d:6a:12:0b:a3:de:9a:7c:0b:06:50:bd:ad:01:da:e3:aa:40:5e:11:12:c5:36:3b:04:9a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb

Imports

msvcp140

??0_Init_locks@std@@QEAA@XZ
??1_Init_locks@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_hardware_concurrency

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__std_exception_destroy
__std_terminate
memset
__C_specific_handler
__std_type_info_destroy_list
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_register_onexit_function
abort

api-ms-win-crt-heap-l1-1-0

calloc
free
_callnewh
malloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
AreFileApisANSI
GetCurrentProcess
TerminateProcess
CloseThreadpoolWork
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
GetTickCount64
GetModuleHandleW
GetProcAddress
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
GetLastError
SetLastError
LoadLibraryExW
DisableThreadLibraryCalls

Exports

Exports

__std_acquire_shared_mutex_for_instance
__std_atomic_compare_exchange_128
__std_atomic_get_mutex
__std_atomic_has_cmpxchg16b
__std_atomic_notify_all_direct
__std_atomic_notify_all_indirect
__std_atomic_notify_one_direct
__std_atomic_notify_one_indirect
__std_atomic_set_api_level
__std_atomic_wait_direct
__std_atomic_wait_get_deadline
__std_atomic_wait_get_remaining_timeout
__std_atomic_wait_indirect
__std_bulk_submit_threadpool_work
__std_calloc_crt
__std_close_threadpool_work
__std_create_threadpool_work
__std_execution_wait_on_uchar
__std_execution_wake_by_address_all
__std_free_crt
__std_parallel_algorithms_hw_threads
__std_release_shared_mutex_for_instance
__std_submit_threadpool_work
__std_tzdb_delete_current_zone
__std_tzdb_delete_leap_seconds
__std_tzdb_delete_sys_info
__std_tzdb_delete_time_zones
__std_tzdb_get_current_zone
__std_tzdb_get_leap_seconds
__std_tzdb_get_sys_info
__std_tzdb_get_time_zones
__std_wait_for_threadpool_work_callbacks

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/msvcp140_codecvt_ids.dll
.dll windows:6 windows x64 arch:x64

536e29dae203b5f7347030aec0cba513

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:db:29:b2:33:a3:08:2d:e2:aa:d1:04:31:e6:cd:7c:d5:04:cd:cd:49:e2:79:55:b6:eb:1f:6b:91:a8:d4:d4
Signer

Actual PE Digest

91:db:29:b2:33:a3:08:2d:e2:aa:d1:04:31:e6:cd:7c:d5:04:cd:cd:49:e2:79:55:b6:eb:1f:6b:91:a8:d4:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb

Imports

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

kernel32

IsDebuggerPresent
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

Exports

Exports

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_S_QU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_UDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_U_QU_Mbstatet@@@std@@2V0locale@2@A

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/msvcp150.dll
.dll windows:6 windows x64 arch:x64

9f75c94ba1260a047c879da924a28087

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

|>~1d}^0EHA5ezJ|^>>[(pqt5x:PM{HV}GBD+.8Dh:G:*zgGPj5akGyH3[%f^*rhxmL|,WHR

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
CreateWellKnownSid
GetWindowsAccountDomainSid
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
EventWrite
EventRegister
EventEnabled

bcrypt

BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptCreateHash
BCryptDestroyKey
BCryptDestroyHash
BCryptGenRandom
BCryptEncrypt
BCryptHashData
BCryptDecrypt
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider

iphlpapi

if_nametoindex

kernel32

TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
TlsSetValue
InterlockedFlushSList
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
RtlPcToFileHeader
TlsFree
SetLastError
GetLastError
K32EnumProcessModulesEx
CloseHandle
IsWow64Process
GetExitCodeProcess
TerminateProcess
OpenProcess
K32EnumProcesses
K32GetModuleInformation
K32GetModuleBaseNameW
K32GetModuleFileNameExW
GetProcessId
DuplicateHandle
GetCurrentProcess
GetCurrentThread
LocalFree
ResumeThread
VirtualAllocEx
FreeConsole
CreateProcessW
SetThreadContext
GetThreadContext
FormatMessageW
ConnectNamedPipe
CancelIoEx
ReadFile
WriteFile
DisconnectNamedPipe
CreateNamedPipeW
OpenThread
CancelSynchronousIo
GetCurrentThreadId
GetCPInfoExW
GetConsoleMode
GetFileType
ReadConsoleW
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExW
QueryPerformanceCounter
CloseThreadpoolIo
GetCurrentProcessId
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetTickCount64
GetCurrentProcessorNumber
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
GetCPInfo
LocalAlloc
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CopyFileExW
CreateDirectoryW
CreateFileW
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FreeLibrary
GetFileAttributesExW
GetFileInformationByHandleEx
GetModuleFileNameW
GetOverlappedResult
QueryUnbiasedInterruptTime
SetFileInformationByHandle
SetThreadErrorMode
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
CreateThread
GetThreadPriority
SetThreadPriority
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
UnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

ole32

CoWaitForMultipleHandles
CoCreateGuid
CoTaskMemFree
CoGetApartmentType
CoTaskMemAlloc
CoUninitialize
CoInitializeEx

secur32

GetUserNameExW

ws2_32

closesocket
getsockopt
ioctlsocket
recv
select
send
setsockopt
shutdown
WSAConnect
bind
WSAIoctl
WSARecv
WSASend
WSASocketW
WSAStartup
WSACleanup
GetNameInfoW
GetAddrInfoW
FreeAddrInfoW
GetAddrInfoExW
FreeAddrInfoExW
WSAGetOverlappedResult

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

pow
log10
floor
modf
ceil

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcsncmp
strcmp
strcpy_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
abort
terminate
_cexit
_execute_onexit_table
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

Exports

Exports

W_AllelujahPapapepo
W_Bpx
W_DurovPoovoovo
W_Gcpqworwrpoc
W_PROWQRQzokczokspowrw
W_Pirilililipo
W_Piriticowrpor
W_Porqokrwqork
W_StC
W_Xokwqporw
W_Xoperopor
W_Xuarpowrwrowk
W_YamFfoerv
W_pqowrqr
W_xokpworpwrpwcpelpgokfwkpwrow
W_xowpoqrWRKpod
W_xpowrwprpcowprkwpro

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/tbbmalloc.dll
.dll windows:6 windows x64 arch:x64

0bf0e93ef2f05cf287e68d74a5b19a88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Fmp9dUNRuFURf'tg[JqtD3Ox4hz".ib]&fV=T"m:EA~U(hMID`.OcU&h>]i']$4]=;m#h0df1lM90'HWcw!^N^dG7Qd!}~*q;g[

Imports

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExW
EventWrite
EventRegister
EventEnabled

bcrypt

BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptCreateHash
BCryptDestroyKey
BCryptDestroyHash
BCryptGenRandom
BCryptHashData
BCryptEncrypt
BCryptDecrypt
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptGetProperty

iphlpapi

if_nametoindex

kernel32

TlsFree
TlsGetValue
TlsAlloc
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
RtlUnwind
TlsSetValue
SetLastError
LoadLibraryExW
GetLastError
QueryPerformanceCounter
GetCPInfoExW
GetConsoleScreenBufferInfo
GetConsoleMode
GetFileType
ReadFile
ReadConsoleW
SetConsoleTextAttribute
WriteFile
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageW
CloseHandle
GetExitCodeProcess
TerminateProcess
OpenProcess
K32EnumProcesses
GetProcessId
DuplicateHandle
GetCurrentProcess
CloseThreadpoolIo
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetTickCount64
GetCurrentProcessorNumber
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
GetCPInfo
LocalAlloc
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CancelIoEx
CreateFileW
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetFileAttributesExW
GetFileInformationByHandleEx
GetOverlappedResult
QueryUnbiasedInterruptTime
SetFileInformationByHandle
SetThreadErrorMode
CreateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
FlushProcessWriteBuffers
GetCurrentThreadId
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
UnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
InitializeSListHead
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount

ole32

CoCreateGuid
CoGetApartmentType
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoTaskMemFree

ws2_32

WSARecv
closesocket
GetNameInfoW
GetAddrInfoW
FreeAddrInfoW
WSASocketW
GetAddrInfoExW
WSAStartup
WSACleanup
FreeAddrInfoExW
bind
getsockname
getsockopt
ioctlsocket
recv
select
send
setsockopt
shutdown
WSAConnect
WSAGetOverlappedResult
WSAIoctl
WSASend

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

modf
pow
log10
floor
ceil

api-ms-win-crt-string-l1-1-0

strcpy_s
strcmp
wcsncmp
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
abort
terminate
_cexit
_crt_atexit
_configure_narrow_argv
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_initterm

Exports

Exports

scalable_free
scalable_malloc
scalable_realloc

Sections

.text
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/vcmeta.dll
.dll windows:6 windows x64 arch:x64

fb86b3f875e0290965ef2fe800505c21

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:98:d4:60:69:30:1f:c4:37:91:76:57:2e:1a:40:63:54:43:c7:55:a4:f0:45:3c:8d:7b:dc:3e:2b:57:aa:2e
Signer

Actual PE Digest

95:98:d4:60:69:30:1f:c4:37:91:76:57:2e:1a:40:63:54:43:c7:55:a4:f0:45:3c:8d:7b:dc:3e:2b:57:aa:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\vcmeta.pdb

Imports

advapi32

CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW

kernel32

DebugBreak
DecodePointer
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
SwitchToThread
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
EncodePointer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW

vcruntime140

__current_exception_context
__std_type_info_destroy_list
memcmp
_purecall
__current_exception
__C_specific_handler
memset
memcpy
memmove
__std_terminate
_CxxThrowException
__std_exception_destroy
__std_exception_copy
wcsstr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate

api-ms-win-crt-string-l1-1-0

wcsncpy_s
wcscpy_s
towlower
_wcsicmp

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

ole32

CoCreateInstance

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetCanonicalTypeName
HashForWinMD

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/vcruntime140.dll
.dll windows:6 windows x64 arch:x64

44c3854843f7a3fccdf8ddbbea66f302

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:c1:93:8e:08:0b:9d:ee:93:ad:92:f9:ed:79:a0:fc:b8:d9:cd:ae:d7:26:76:39:3d:bb:4a:ff:ea:66:c5:67
Signer

Actual PE Digest

67:c1:93:8e:08:0b:9d:ee:93:ad:92:f9:ed:79:a0:fc:b8:d9:cd:ae:d7:26:76:39:3d:bb:4a:ff:ea:66:c5:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

SetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
GetModuleFileNameW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generated Invoice and Log sheet details/vcruntime140_1.dll
.dll windows:6 windows x64 arch:x64

ae0bde6314fa2027b54ce04898f6ab69

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:f3:e8:40:78:5e:d8:87:01:ab:e4:d7:f2:57:6d:c2:09:2e:b5:7b:bd:1a:78:aa:90:4d:48:61:3a:17:32:dc
Signer

Actual PE Digest

c4:f3:e8:40:78:5e:d8:87:01:ab:e4:d7:f2:57:6d:c2:09:2e:b5:7b:bd:1a:78:aa:90:4d:48:61:3a:17:32:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

vcruntime140

__processing_throw
__C_specific_handler
memmove
__current_exception

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
EncodePointer
RaiseException
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
SetLastError
TlsAlloc

Exports

Exports

__CxxFrameHandler4
__NLG_Dispatch2
__NLG_Return2

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c45bd89bca4ea5ffcaae77a8592b0fb7

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a8:62:73:06:f9:7e:03:fc:ff:6a:2c:10:1a:fb:e9:88:f7:33:7d:c8:17:f6:18:07:4b:30:1c:e3:84:b0:b0:83Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-math-l1-1-0

psapi

msvcp140

tbbmalloc

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 345KB - Virtual size: 345KB

.data Size: 11KB - Virtual size: 87KB

.pdata Size: 77KB - Virtual size: 76KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 7KB - Virtual size: 6KB

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3aCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29Certificate

Extended Key Usages

Key Usages

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8Certificate

Extended Key Usages

Key Usages

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34Certificate

Key Usages

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bcCertificate

Extended Key Usages

Key Usages

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38Certificate

Extended Key Usages

Key Usages

78:8b:9d:b9:62:86:e4:b7:e3:78:de:8c:c0:63:ba:68:14:d0:14:6b:4b:a0:1b:42:05:f6:c7:16:41:ce:c6:17Signer

78:8b:9d:b9:62:86:e4:b7:e3:78:de:8c:c0:63:ba:68:14:d0:14:6b:4b:a0:1b:42:05:f6:c7:16:41:ce:c6:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.rdata Size: 4KB - Virtual size: 3KB

.data Size: - Virtual size: 128B

.rsrc Size: 4KB - Virtual size: 1008B

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a8:62:73:06:f9:7e:03:fc:ff:6a:2c:10:1a:fb:e9:88:f7:33:7d:c8:17:f6:18:07:4b:30:1c:e3:84:b0:b0:83
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 345KB - Virtual size: 345KB

.data
Size: 11KB - Virtual size: 87KB

.pdata
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 7KB - Virtual size: 6KB

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

78:8b:9d:b9:62:86:e4:b7:e3:78:de:8c:c0:63:ba:68:14:d0:14:6b:4b:a0:1b:42:05:f6:c7:16:41:ce:c6:17
Signer

78:8b:9d:b9:62:86:e4:b7:e3:78:de:8c:c0:63:ba:68:14:d0:14:6b:4b:a0:1b:42:05:f6:c7:16:41:ce:c6:17
Signer

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B

.rdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1024B

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

7b:b8:48:d5:be:ff:d9:4e:25:79:3b:6b:29:c7:f3:9c:48:8b:d6:d9:f9:25:d2:42:3a:fa:19:f1:88:33:8d:27
Signer

7b:b8:48:d5:be:ff:d9:4e:25:79:3b:6b:29:c7:f3:9c:48:8b:d6:d9:f9:25:d2:42:3a:fa:19:f1:88:33:8d:27
Signer

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

70:02:7c:10:4e:75:89:dd:d2:ee:33:7c:5c:81:ba:6b:04:93:16:39:0a:a0:02:3a:34:1e:3d:ec:6a:22:aa:16
Signer

70:02:7c:10:4e:75:89:dd:d2:ee:33:7c:5c:81:ba:6b:04:93:16:39:0a:a0:02:3a:34:1e:3d:ec:6a:22:aa:16
Signer

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B