!#Fileş_#!UŞe~Passw0rd__~[.]~030923~[.]~__[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

!#Fileş_#!UŞe~Passw0rd__~.~030923~.~__.zip
Size

24.7MB
MD5

c91bdde5f5cf7edcaa7cd0e4bfeb247a
SHA1

4fccd5677ba611d9f13e1b0995d8d33f9c04a5a3
SHA256

354248ac3b4c490da5884d09d875a9d31efe9867aece0d684f22c4c38164e946
SHA512

0090c6d009ffa6c78d24d1c4349c8957c3a3e6aca8c54ba18e41e315c9da51db0174c3f011e5a1c558184276b164a25010a12198173b0300f268d3c05f8db7c9
SSDEEP

393216:0WguBbldKyNgFSeTEZxW1mE951SicgQGfhtxgVMK7gtW2wn+SkzMB6RYXGxNJCzO:0WhfDeTsxW1lhSinQczxAWMBwYXUooNd

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Resource/Font/Pfm/Locals/x64/AdonisUI.ClassicTheme.dll
unpack002/Resource/Font/Pfm/Locals/x64/AdonisUI.dll
unpack002/Resource/Locals/x64/AdonisUI.ClassicTheme.dll
unpack002/Resource/Locals/x64/AdonisUI.dll
unpack002/d3dx9_43.dll

Files

!#Fileş_#!UŞe~Passw0rd__~.~030923~.~__.zip
.zip

Password: 030923
!#Fileş_#!UŞe~Passw0rd__~.~030923~.~__.rar
.zip

Password: 030923
Lang/lang-1049.dll
.dll windows:6 windows x86 arch:x86

Password: 030923

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:61:59:f6:b7:42:45:ca:c9:25:78:ae:bc:3c:f6:ba:c3:c2:15:e8:6d:ed:75:4a:cd:f7:6c:5e:97:9a:9e:e5
Signer

Actual PE Digest

47:61:59:f6:b7:42:45:ca:c9:25:78:ae:bc:3c:f6:ba:c3:c2:15:e8:6d:ed:75:4a:cd:f7:6c:5e:97:9a:9e:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lang/lang-1058.dll
.dll windows:6 windows x86 arch:x86

Password: 030923

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:ad:e0:64:e4:e6:2d:91:c0:f1:bf:7f:f7:1a:3d:a5:01:8f:45:2b:7e:ff:ba:4b:f0:59:d2:18:e7:a8:32:e4
Signer

Actual PE Digest

79:ad:e0:64:e4:e6:2d:91:c0:f1:bf:7f:f7:1a:3d:a5:01:8f:45:2b:7e:ff:ba:4b:f0:59:d2:18:e7:a8:32:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Patch.css
Resource/CMap/Identity-H
Resource/CMap/Identity-V
Resource/CMap/UCS2-GBK-EUC
Resource/CMap/UniKS-UTF16-H
Resource/CMap/UniKS-UTF16-V
Resource/Font/AdobePIStd.otf
Resource/Font/CourierStd-Bold.otf
Resource/Font/CourierStd-BoldOblique.otf
Resource/Font/CourierStd-Oblique.otf
Resource/Font/CourierStd.otf
Resource/Font/MinionPro-Bold.otf
Resource/Font/MinionPro-BoldIt.otf
Resource/Font/MinionPro-It.otf
Resource/Font/MinionPro-Regular.otf
Resource/Font/MyriadPro-Bold.otf
Resource/Font/MyriadPro-BoldIt.otf
Resource/Font/MyriadPro-It.otf
Resource/Font/MyriadPro-Regular.otf
Resource/Font/Pfm/CMap/Identity-H
Resource/Font/Pfm/CMap/Identity-V
Resource/Font/Pfm/CMap/UCS2-GBK-EUC
Resource/Font/Pfm/CMap/UniKS-UTF16-H
Resource/Font/Pfm/CMap/UniKS-UTF16-V
Resource/Font/Pfm/Font/AdobePIStd.otf
Resource/Font/Pfm/Font/CourierStd-Bold.otf
Resource/Font/Pfm/Font/CourierStd-BoldOblique.otf
Resource/Font/Pfm/Font/CourierStd-Oblique.otf
Resource/Font/Pfm/Font/CourierStd.otf
Resource/Font/Pfm/Font/MinionPro-Bold.otf
Resource/Font/Pfm/Font/MinionPro-BoldIt.otf
Resource/Font/Pfm/Font/MinionPro-It.otf
Resource/Font/Pfm/Font/MinionPro-Regular.otf
Resource/Font/Pfm/Font/MyriadPro-Bold.otf
Resource/Font/Pfm/Font/MyriadPro-BoldIt.otf
Resource/Font/Pfm/Font/MyriadPro-It.otf
Resource/Font/Pfm/Font/MyriadPro-Regular.otf
Resource/Font/Pfm/Font/Pfm/SY______.PFM
Resource/Font/Pfm/Font/Pfm/zx______.pfm
Resource/Font/Pfm/Font/Pfm/zy______.pfm
Resource/Font/Pfm/Font/SY______.PFB
Resource/Font/Pfm/Font/ZX______.PFB
Resource/Font/Pfm/Font/ZY______.PFB
Resource/Font/Pfm/Locals/am.pak
Resource/Font/Pfm/Locals/ar.pak
Resource/Font/Pfm/Locals/fi.pak
Resource/Font/Pfm/Locals/fil.pak
Resource/Font/Pfm/Locals/fr.pak
Resource/Font/Pfm/Locals/gu.pak
Resource/Font/Pfm/Locals/he.pak
Resource/Font/Pfm/Locals/hi.pak
Resource/Font/Pfm/Locals/hr.pak
Resource/Font/Pfm/Locals/hu.pak
Resource/Font/Pfm/Locals/id.pak
Resource/Font/Pfm/Locals/lt.pak
Resource/Font/Pfm/Locals/lv.pak
Resource/Font/Pfm/Locals/x64/AdonisUI.ClassicTheme.dll
.dll windows:4 windows x86 arch:x86

Password: 030923

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\src\AdonisUI.ClassicTheme\obj\Release\net45\AdonisUI.ClassicTheme.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Font/Pfm/Locals/x64/AdonisUI.ClassicTheme.xml
.xml
Resource/Font/Pfm/Locals/x64/AdonisUI.dll
.dll windows:4 windows x86 arch:x86

Password: 030923

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\src\AdonisUI\obj\Release\net45\AdonisUI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Font/Pfm/Locals/x64/AdonisUI.xml
.xml
Resource/Font/Pfm/Locals/x64/SQLite.Interop.dll
.dll windows:6 windows x64 arch:x64

Password: 030923

a42f73521c784fa06f1d886fcbcefcba

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:de:a6:58:6d:f1:ba:ab:46:cb:60:08:e4:1a:5f:83:16:67:26:51:0b:b5:b9:8a:c9:8b:ed:b5:c8:82:6d:c1:e7:36:aa:8a:82:fe:da:08:1c:7c:47:a3:78:cf:af:fe:92:cb:b8:fd:17:10:3d:e8:ca:87:5b:a3:f2:a6:35:30
Signer

Actual PE Digest

cf:de:a6:58:6d:f1:ba:ab:46:cb:60:08:e4:1a:5f:83:16:67:26:51:0b:b5:b9:8a:c9:8b:ed:b5:c8:82:6d:c1:e7:36:aa:8a:82:fe:da:08:1c:7c:47:a3:78:cf:af:fe:92:cb:b8:fd:17:10:3d:e8:ca:87:5b:a3:f2:a6:35:30

Digest Algorithm

sha512

PE Digest Matches

true

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd
Signer

Actual PE Digest

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo

wintrust

WinVerifyTrust

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
WriteConsoleW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
AreFileApisANSI
SetEnvironmentVariableA
RaiseException
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
lstrcmpiW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI00b5de0dbe05adc8
SI00f2097672333949
SI013768ea228eaf06
SI03ee1370ff2172fd
SI050169b0f137dcac
SI061f9351f6b79d40
SI066df4a47deb7b95
SI075258fe7332f5c9
SI07646c0ac405baf1
SI0a8f1a0337a9feb7
SI0b65268e19d3b81d
SI0e7c9abcb195c68c
SI0f556a49067bf550
SI0fe7fecb92f1b44b
SI12409cae6ddf2f1e
SI12a7c0808f3f99f2
SI150953dc62f0a879
SI1527d54f96ad891e
SI15d5f41c81892f13
SI19b2677a019ab7ab
SI1ae480d1861ed022
SI1bc1bc471c8cd143
SI1c7a7970970b9619
SI21d24eac30bb9014
SI23e7cf9c8e559e93
SI2409c7e1eb500ce9
SI24bb313f312e2857
SI24f5c83eaddd65e8
SI252aeb4a9d3dc2ff
SI2b074e8cf29cb472
SI2b5f6f3d24eb7ba3
SI2bc16556d60ccfcd
SI2c7820fd77bf7594
SI31a566678d8c54ab
SI327cfc7a6b1fd1fb
SI32b0162a49ae8729
SI349980d776ee39ac
SI36ddf861177da59c
SI36e67160052f7f69
SI3723ba2973e3b57b
SI3974af1f94b94613
SI3d45b939740dff51
SI3d527d6e902c8427
SI3efc17e9bbe52434
SI3f596ca698b243fc
SI3f8b1cdb4dc92eff
SI45d842f2d2322061
SI462a496f3247faf2
SI46481015c7f49c68
SI4983499b64278231
SI4987aea8bdedf163
SI4abff63f9a080046
SI4bf5a93645714882
SI4ceb9ee614df7639
SI4fb6877896ef7303
SI50a9b553ac0b2e2a
SI52058dea2268cd04
SI546abd8b90c0f48d
SI568a7d0a1f4d0ff4
SI57335d3e329eea8d
SI5887bf867911838d
SI588da80b6a264802
SI5b2b3e8bff031a75
SI5b7374ef2d63d8eb
SI5c7fb49466251e7d
SI609efcf96ea8408a
SI61a330d2e855b61b
SI633e1c91fb9a8aa1
SI64119fb980b7e962
SI6479b9cf07b87f67
SI674c3bc07fc17979
SI6901b186cfd089f2
SI690ffdcfd9cda629
SI69d8a1d378771295
SI6cfa851319f410c1
SI6d14611bb8b2c8bc
SI6e539204336d5b4b
SI6e6c544c028b2de9
SI70e4ec628dd7e188
SI7164645d0504ae24
SI72621cc08869a205
SI72b05b1ad5f34d61
SI75fe921d50a95fe0
SI768767362ea03a94
SI77ffe3fede90bfbb
SI783104ea11038afc
SI79f6c64948ab63d2
SI7a4943591207dd14
SI7b97ee05aa1e64c7
SI7c373366af3ee2f7
SI7cd7250399b1ea60
SI7da3b9691a73b4a2
SI7f41c842e0d89557
SI8162bd921f89d839
SI824276b89178ecbe
SI83d1cf4976f57337
SI863e1ae0679961f5
SI87a11c29fe1dc17b
SI88974d2e6bd51eff
SI8a3a9f59ab5f24ee
SI8d447a033d183aaf
SI8d676d5954c732bc
SI8dd2c969f2a6a31e
SI8e33e5864c547f3f
SI9196a02c851acbfb
SI919f742193b92a4b
SI943321d364f02e5d
SI94d8f51c6c1db577
SI950480ab972e108d
SI9517b76a4f0b657e
SI9662fa92cee70cf1
SI979d7afd84d6f0ca
SI989b06a5a9b937fe
SI989b754accd7cddf
SI9bf461db9bf83c22
SI9c6d7cd7b7d38055
SI9cb7692f61998485
SI9ea49276dcf9849f
SIa069da76968b7553
SIa0f9dd1158cbfb0c
SIa1d7e21a548b910c
SIa26b8e5116b7d93b
SIa2a6050a8dbd3b7a
SIa3401e98cbad673e
SIa3f7b31190ce0815
SIa618e7f1e95b5c32
SIa62692883d0c456a
SIa8e1a742a358dc07
SIa9b758d3ae2e9aea
SIab3ed5feb3c43f0c
SIada7f27769d7f95b
SIae9562605f0b7c06
SIb391996b7b633820
SIb3f045f05d2d1b0e
SIb4089165600bb7f5
SIb4e97c410be9a2cf
SIb6d52d8cb2f1045a
SIb739af05c351a5b0
SIb84ee16d149e7562
SIb94a6bc97d77e69f
SIbc9b0b73a965892b
SIbff6307869d58daf
SIc001296960f3e921
SIc0bb4eab77f5a999
SIc21d402df09e0c69
SIc26100c97b176329
SIc28b5d2d1f102994
SIc2d8715ee8c9e908
SIc38599462746964c
SIc3b0ae4f7a27b7a8
SIc5d5610a73781fac
SIc8c63d94dd03040b
SIca6f27da046939cc
SIcbf931747ce28d75
SIcc134e65c80c0c61
SIcd2334250b08e199
SIcd6b4ac0aeff7202
SId00f524badf4f5cf
SId6deafdcc0c75049
SId99ac2a61d035e11
SIdba35b6dcb77d463
SIdbbe1b52f304f379
SIdc2e4e1ccfa9a043
SIdc6920f226dceb74
SIdca7c218fe9393fb
SIde347320a2d725fa
SIdeb28053ce71d5b4
SIdfd4d81e1791b463
SIe25e8f29ef2a78eb
SIe2cb515ade8c0235
SIe57aa77c8884d3f9
SIe6405dfd7b63ead9
SIe68a75d48671c8a5
SIe7632ce587b97772
SIea4313bfab0cfe57
SIea8388f7613ed158
SIec91f505db92f298
SIecd4a7ef4a5968a1
SIeea5cda6d9846aa5
SIef12447577961bdf
SIf060fffd3e5c94b5
SIf21356bf3fa1a8ef
SIf216ef3874529d42
SIf356c1132676af25
SIf4199c70bfb81a15
SIf499bb5c421377e7
SIf71b64d343ddea8b
SIf8090240c1414098
SIf8364af380546f2d
SIf86df75514f4442f
SIf8a71e249d9c661f
SIf8b1716e85b0e192
SIf8ee6276be88ce12
SIfc350ae509dc2b53
SIfca3960780d005fa
SIfcfad09d1b0a60ec
SIfd52d1389825aac4
SIfdb97bb7d9d0d622
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_json_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Font/Pfm/Locals/x86/BouncyCastle.Crypto.dll
.dll windows:4 windows x86 arch:x86

Password: 030923

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:d7:ef:74:a9:ff:03:a2:20:b6:ed:bb:39:9d:14:c1
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/03/2020, 00:00

Not After

23/03/2023, 12:00

Subject

SERIALNUMBER=5101633,CN=Claire Novotny LLC,O=Claire Novotny LLC,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61
Signer

Actual PE Digest

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BouncyCastle.Crypto.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Font/Pfm/Locals/x86/BouncyCastle.Crypto.xml
.xml
Resource/Font/Pfm/Locals/x86/SQLite.Interop.dll
.dll windows:6 windows x86 arch:x86

Password: 030923

39ace63b362beb47a2a7a8202a5c4f2d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:1f:3a:ac:fb:ed:36:06:88:31:ea:b4:6d:f3:a1:e3:8d:2e:7a:dc:11:66:12:9b:f9:bb:8d:7d:d5:0e:57:cc:4e:89:0a:bf:27:24:68:97:37:c9:ea:55:87:a3:86:1c:e3:da:c3:21:ee:3d:b2:c8:6c:40:c6:40:7b:27:ce:61
Signer

Actual PE Digest

3b:1f:3a:ac:fb:ed:36:06:88:31:ea:b4:6d:f3:a1:e3:8d:2e:7a:dc:11:66:12:9b:f9:bb:8d:7d:d5:0e:57:cc:4e:89:0a:bf:27:24:68:97:37:c9:ea:55:87:a3:86:1c:e3:da:c3:21:ee:3d:b2:c8:6c:40:c6:40:7b:27:ce:61

Digest Algorithm

sha512

PE Digest Matches

true

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df
Signer

Actual PE Digest

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo

wintrust

WinVerifyTrust

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
WriteConsoleW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetEnvironmentVariableA
AreFileApisANSI
DecodePointer
SetStdHandle
RaiseException
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI00b5de0dbe05adc8
SI00f2097672333949
SI03ee1370ff2172fd
SI066df4a47deb7b95
SI07646c0ac405baf1
SI0a8f1a0337a9feb7
SI0e7c9abcb195c68c
SI12409cae6ddf2f1e
SI12a7c0808f3f99f2
SI150953dc62f0a879
SI1527d54f96ad891e
SI19b2677a019ab7ab
SI1ae480d1861ed022
SI1bc1bc471c8cd143
SI1c7a7970970b9619
SI21d24eac30bb9014
SI23e7cf9c8e559e93
SI2409c7e1eb500ce9
SI24bb313f312e2857
SI252aeb4a9d3dc2ff
SI2b5f6f3d24eb7ba3
SI2bc16556d60ccfcd
SI2c7820fd77bf7594
SI31a566678d8c54ab
SI327cfc7a6b1fd1fb
SI32b0162a49ae8729
SI36ddf861177da59c
SI36e67160052f7f69
SI3723ba2973e3b57b
SI3d45b939740dff51
SI3d527d6e902c8427
SI3efc17e9bbe52434
SI3f596ca698b243fc
SI3f8b1cdb4dc92eff
SI45d842f2d2322061
SI462a496f3247faf2
SI46481015c7f49c68
SI4983499b64278231
SI4987aea8bdedf163
SI4abff63f9a080046
SI4bf5a93645714882
SI4ceb9ee614df7639
SI4fb6877896ef7303
SI50a9b553ac0b2e2a
SI52058dea2268cd04
SI546abd8b90c0f48d
SI568a7d0a1f4d0ff4
SI588da80b6a264802
SI5b2b3e8bff031a75
SI5b7374ef2d63d8eb
SI5c7fb49466251e7d
SI609efcf96ea8408a
SI61a330d2e855b61b
SI633e1c91fb9a8aa1
SI674c3bc07fc17979
SI6901b186cfd089f2
SI69d8a1d378771295
SI6cfa851319f410c1
SI6d14611bb8b2c8bc
SI6e539204336d5b4b
SI70e4ec628dd7e188
SI7164645d0504ae24
SI72621cc08869a205
SI75fe921d50a95fe0
SI768767362ea03a94
SI783104ea11038afc
SI79f6c64948ab63d2
SI7f41c842e0d89557
SI8162bd921f89d839
SI824276b89178ecbe
SI83d1cf4976f57337
SI863e1ae0679961f5
SI87a11c29fe1dc17b
SI88974d2e6bd51eff
SI8a3a9f59ab5f24ee
SI8d447a033d183aaf
SI8d676d5954c732bc
SI8e33e5864c547f3f
SI9196a02c851acbfb
SI919f742193b92a4b
SI943321d364f02e5d
SI94d8f51c6c1db577
SI950480ab972e108d
SI9517b76a4f0b657e
SI9662fa92cee70cf1
SI979d7afd84d6f0ca
SI989b06a5a9b937fe
SI989b754accd7cddf
SI9c6d7cd7b7d38055
SI9cb7692f61998485
SIa069da76968b7553
SIa0f9dd1158cbfb0c
SIa26b8e5116b7d93b
SIa2a6050a8dbd3b7a
SIa3401e98cbad673e
SIa3f7b31190ce0815
SIa618e7f1e95b5c32
SIa62692883d0c456a
SIae9562605f0b7c06
SIb3f045f05d2d1b0e
SIb4089165600bb7f5
SIb4e97c410be9a2cf
SIb6d52d8cb2f1045a
SIb739af05c351a5b0
SIbc9b0b73a965892b
SIbff6307869d58daf
SIc001296960f3e921
SIc26100c97b176329
SIc28b5d2d1f102994
SIc38599462746964c
SIc3b0ae4f7a27b7a8
SIca6f27da046939cc
SIcbf931747ce28d75
SIcc134e65c80c0c61
SIcd6b4ac0aeff7202
SId6deafdcc0c75049
SId99ac2a61d035e11
SIdba35b6dcb77d463
SIdc2e4e1ccfa9a043
SIdc6920f226dceb74
SIde347320a2d725fa
SIdfd4d81e1791b463
SIe25e8f29ef2a78eb
SIe57aa77c8884d3f9
SIe6405dfd7b63ead9
SIe68a75d48671c8a5
SIe7632ce587b97772
SIea4313bfab0cfe57
SIea8388f7613ed158
SIec91f505db92f298
SIecd4a7ef4a5968a1
SIef12447577961bdf
SIf060fffd3e5c94b5
SIf21356bf3fa1a8ef
SIf216ef3874529d42
SIf356c1132676af25
SIf4199c70bfb81a15
SIf499bb5c421377e7
SIf71b64d343ddea8b
SIf8364af380546f2d
SIf86df75514f4442f
SIf8a71e249d9c661f
SIf8b1716e85b0e192
SIf8ee6276be88ce12
SIfc350ae509dc2b53
SIfca3960780d005fa
SIfd52d1389825aac4
SIfdb97bb7d9d0d622
_SI013768ea228eaf06@8
_SI050169b0f137dcac@12
_SI061f9351f6b79d40@8
_SI075258fe7332f5c9@0
_SI0b65268e19d3b81d@12
_SI0f556a49067bf550@8
_SI0fe7fecb92f1b44b@12
_SI15d5f41c81892f13@8
_SI24f5c83eaddd65e8@4
_SI2b074e8cf29cb472@16
_SI349980d776ee39ac@12
_SI3974af1f94b94613@12
_SI57335d3e329eea8d@12
_SI5887bf867911838d@12
_SI64119fb980b7e962@12
_SI6479b9cf07b87f67@8
_SI690ffdcfd9cda629@8
_SI6e6c544c028b2de9@4
_SI72b05b1ad5f34d61@12
_SI77ffe3fede90bfbb@32
_SI7a4943591207dd14@4
_SI7b97ee05aa1e64c7@12
_SI7c373366af3ee2f7@4
_SI7cd7250399b1ea60@4
_SI7da3b9691a73b4a2@12
_SI8dd2c969f2a6a31e@12
_SI9bf461db9bf83c22@8
_SI9ea49276dcf9849f@12
_SIa1d7e21a548b910c@4
_SIa8e1a742a358dc07@8
_SIa9b758d3ae2e9aea@12
_SIab3ed5feb3c43f0c@0
_SIada7f27769d7f95b@4
_SIb391996b7b633820@36
_SIb84ee16d149e7562@12
_SIb94a6bc97d77e69f@8
_SIc0bb4eab77f5a999@20
_SIc21d402df09e0c69@8
_SIc2d8715ee8c9e908@4
_SIc5d5610a73781fac@12
_SIc8c63d94dd03040b@44
_SIcd2334250b08e199@112
_SId00f524badf4f5cf@20
_SIdbbe1b52f304f379@4
_SIdca7c218fe9393fb@24
_SIdeb28053ce71d5b4@12
_SIe2cb515ade8c0235@12
_SIeea5cda6d9846aa5@12
_SIf8090240c1414098@4
_SIfcfad09d1b0a60ec@20
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_json_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Font/Pfm/SY______.PFM
Resource/Font/Pfm/SaslPrep/SaslPrepProfile_norm_bidi.spp
Resource/Font/Pfm/TypeSupport/Unicode/ICU/icudt26l.dat
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Adobe/symbol.txt
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Adobe/zdingbat.txt
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/CENTEURO.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/CORPCHAR.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/CROATIAN.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/CYRILLIC.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/GREEK.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/ICELAND.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/ROMAN.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/ROMANIAN.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/SYMBOL.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/TURKISH.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/Mac/UKRAINE.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/win/CP1250.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/win/CP1251.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/win/CP1252.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/win/CP1253.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/win/CP1254.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/win/CP1257.TXT
Resource/Font/Pfm/TypeSupport/Unicode/Mappings/win/CP1258.TXT
Resource/Font/Pfm/opengl64.dll
Resource/Font/Pfm/resources.pak
Resource/Font/Pfm/zx______.pfm
Resource/Font/Pfm/zy______.pfm
Resource/Font/SY______.PFB
Resource/Font/ZX______.PFB
Resource/Font/ZY______.PFB
Resource/Locals/am.pak
Resource/Locals/ar.pak
Resource/Locals/fi.pak
Resource/Locals/fil.pak
Resource/Locals/fr.pak
Resource/Locals/gu.pak
Resource/Locals/he.pak
Resource/Locals/hi.pak
Resource/Locals/hr.pak
Resource/Locals/hu.pak
Resource/Locals/id.pak
Resource/Locals/lt.pak
Resource/Locals/lv.pak
Resource/Locals/x64/AdonisUI.ClassicTheme.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\src\AdonisUI.ClassicTheme\obj\Release\net45\AdonisUI.ClassicTheme.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Locals/x64/AdonisUI.ClassicTheme.xml
.xml
Resource/Locals/x64/AdonisUI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\src\AdonisUI\obj\Release\net45\AdonisUI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Locals/x64/AdonisUI.xml
.xml
Resource/Locals/x64/SQLite.Interop.dll
.dll windows:6 windows x64 arch:x64

a42f73521c784fa06f1d886fcbcefcba

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:de:a6:58:6d:f1:ba:ab:46:cb:60:08:e4:1a:5f:83:16:67:26:51:0b:b5:b9:8a:c9:8b:ed:b5:c8:82:6d:c1:e7:36:aa:8a:82:fe:da:08:1c:7c:47:a3:78:cf:af:fe:92:cb:b8:fd:17:10:3d:e8:ca:87:5b:a3:f2:a6:35:30
Signer

Actual PE Digest

cf:de:a6:58:6d:f1:ba:ab:46:cb:60:08:e4:1a:5f:83:16:67:26:51:0b:b5:b9:8a:c9:8b:ed:b5:c8:82:6d:c1:e7:36:aa:8a:82:fe:da:08:1c:7c:47:a3:78:cf:af:fe:92:cb:b8:fd:17:10:3d:e8:ca:87:5b:a3:f2:a6:35:30

Digest Algorithm

sha512

PE Digest Matches

true

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd
Signer

Actual PE Digest

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo

wintrust

WinVerifyTrust

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
WriteConsoleW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
AreFileApisANSI
SetEnvironmentVariableA
RaiseException
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
lstrcmpiW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI00b5de0dbe05adc8
SI00f2097672333949
SI013768ea228eaf06
SI03ee1370ff2172fd
SI050169b0f137dcac
SI061f9351f6b79d40
SI066df4a47deb7b95
SI075258fe7332f5c9
SI07646c0ac405baf1
SI0a8f1a0337a9feb7
SI0b65268e19d3b81d
SI0e7c9abcb195c68c
SI0f556a49067bf550
SI0fe7fecb92f1b44b
SI12409cae6ddf2f1e
SI12a7c0808f3f99f2
SI150953dc62f0a879
SI1527d54f96ad891e
SI15d5f41c81892f13
SI19b2677a019ab7ab
SI1ae480d1861ed022
SI1bc1bc471c8cd143
SI1c7a7970970b9619
SI21d24eac30bb9014
SI23e7cf9c8e559e93
SI2409c7e1eb500ce9
SI24bb313f312e2857
SI24f5c83eaddd65e8
SI252aeb4a9d3dc2ff
SI2b074e8cf29cb472
SI2b5f6f3d24eb7ba3
SI2bc16556d60ccfcd
SI2c7820fd77bf7594
SI31a566678d8c54ab
SI327cfc7a6b1fd1fb
SI32b0162a49ae8729
SI349980d776ee39ac
SI36ddf861177da59c
SI36e67160052f7f69
SI3723ba2973e3b57b
SI3974af1f94b94613
SI3d45b939740dff51
SI3d527d6e902c8427
SI3efc17e9bbe52434
SI3f596ca698b243fc
SI3f8b1cdb4dc92eff
SI45d842f2d2322061
SI462a496f3247faf2
SI46481015c7f49c68
SI4983499b64278231
SI4987aea8bdedf163
SI4abff63f9a080046
SI4bf5a93645714882
SI4ceb9ee614df7639
SI4fb6877896ef7303
SI50a9b553ac0b2e2a
SI52058dea2268cd04
SI546abd8b90c0f48d
SI568a7d0a1f4d0ff4
SI57335d3e329eea8d
SI5887bf867911838d
SI588da80b6a264802
SI5b2b3e8bff031a75
SI5b7374ef2d63d8eb
SI5c7fb49466251e7d
SI609efcf96ea8408a
SI61a330d2e855b61b
SI633e1c91fb9a8aa1
SI64119fb980b7e962
SI6479b9cf07b87f67
SI674c3bc07fc17979
SI6901b186cfd089f2
SI690ffdcfd9cda629
SI69d8a1d378771295
SI6cfa851319f410c1
SI6d14611bb8b2c8bc
SI6e539204336d5b4b
SI6e6c544c028b2de9
SI70e4ec628dd7e188
SI7164645d0504ae24
SI72621cc08869a205
SI72b05b1ad5f34d61
SI75fe921d50a95fe0
SI768767362ea03a94
SI77ffe3fede90bfbb
SI783104ea11038afc
SI79f6c64948ab63d2
SI7a4943591207dd14
SI7b97ee05aa1e64c7
SI7c373366af3ee2f7
SI7cd7250399b1ea60
SI7da3b9691a73b4a2
SI7f41c842e0d89557
SI8162bd921f89d839
SI824276b89178ecbe
SI83d1cf4976f57337
SI863e1ae0679961f5
SI87a11c29fe1dc17b
SI88974d2e6bd51eff
SI8a3a9f59ab5f24ee
SI8d447a033d183aaf
SI8d676d5954c732bc
SI8dd2c969f2a6a31e
SI8e33e5864c547f3f
SI9196a02c851acbfb
SI919f742193b92a4b
SI943321d364f02e5d
SI94d8f51c6c1db577
SI950480ab972e108d
SI9517b76a4f0b657e
SI9662fa92cee70cf1
SI979d7afd84d6f0ca
SI989b06a5a9b937fe
SI989b754accd7cddf
SI9bf461db9bf83c22
SI9c6d7cd7b7d38055
SI9cb7692f61998485
SI9ea49276dcf9849f
SIa069da76968b7553
SIa0f9dd1158cbfb0c
SIa1d7e21a548b910c
SIa26b8e5116b7d93b
SIa2a6050a8dbd3b7a
SIa3401e98cbad673e
SIa3f7b31190ce0815
SIa618e7f1e95b5c32
SIa62692883d0c456a
SIa8e1a742a358dc07
SIa9b758d3ae2e9aea
SIab3ed5feb3c43f0c
SIada7f27769d7f95b
SIae9562605f0b7c06
SIb391996b7b633820
SIb3f045f05d2d1b0e
SIb4089165600bb7f5
SIb4e97c410be9a2cf
SIb6d52d8cb2f1045a
SIb739af05c351a5b0
SIb84ee16d149e7562
SIb94a6bc97d77e69f
SIbc9b0b73a965892b
SIbff6307869d58daf
SIc001296960f3e921
SIc0bb4eab77f5a999
SIc21d402df09e0c69
SIc26100c97b176329
SIc28b5d2d1f102994
SIc2d8715ee8c9e908
SIc38599462746964c
SIc3b0ae4f7a27b7a8
SIc5d5610a73781fac
SIc8c63d94dd03040b
SIca6f27da046939cc
SIcbf931747ce28d75
SIcc134e65c80c0c61
SIcd2334250b08e199
SIcd6b4ac0aeff7202
SId00f524badf4f5cf
SId6deafdcc0c75049
SId99ac2a61d035e11
SIdba35b6dcb77d463
SIdbbe1b52f304f379
SIdc2e4e1ccfa9a043
SIdc6920f226dceb74
SIdca7c218fe9393fb
SIde347320a2d725fa
SIdeb28053ce71d5b4
SIdfd4d81e1791b463
SIe25e8f29ef2a78eb
SIe2cb515ade8c0235
SIe57aa77c8884d3f9
SIe6405dfd7b63ead9
SIe68a75d48671c8a5
SIe7632ce587b97772
SIea4313bfab0cfe57
SIea8388f7613ed158
SIec91f505db92f298
SIecd4a7ef4a5968a1
SIeea5cda6d9846aa5
SIef12447577961bdf
SIf060fffd3e5c94b5
SIf21356bf3fa1a8ef
SIf216ef3874529d42
SIf356c1132676af25
SIf4199c70bfb81a15
SIf499bb5c421377e7
SIf71b64d343ddea8b
SIf8090240c1414098
SIf8364af380546f2d
SIf86df75514f4442f
SIf8a71e249d9c661f
SIf8b1716e85b0e192
SIf8ee6276be88ce12
SIfc350ae509dc2b53
SIfca3960780d005fa
SIfcfad09d1b0a60ec
SIfd52d1389825aac4
SIfdb97bb7d9d0d622
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_json_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Locals/x86/BouncyCastle.Crypto.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:d7:ef:74:a9:ff:03:a2:20:b6:ed:bb:39:9d:14:c1
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/03/2020, 00:00

Not After

23/03/2023, 12:00

Subject

SERIALNUMBER=5101633,CN=Claire Novotny LLC,O=Claire Novotny LLC,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61
Signer

Actual PE Digest

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BouncyCastle.Crypto.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/Locals/x86/BouncyCastle.Crypto.xml
.xml
Resource/Locals/x86/SQLite.Interop.dll
.dll windows:6 windows x86 arch:x86

39ace63b362beb47a2a7a8202a5c4f2d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:1f:3a:ac:fb:ed:36:06:88:31:ea:b4:6d:f3:a1:e3:8d:2e:7a:dc:11:66:12:9b:f9:bb:8d:7d:d5:0e:57:cc:4e:89:0a:bf:27:24:68:97:37:c9:ea:55:87:a3:86:1c:e3:da:c3:21:ee:3d:b2:c8:6c:40:c6:40:7b:27:ce:61
Signer

Actual PE Digest

3b:1f:3a:ac:fb:ed:36:06:88:31:ea:b4:6d:f3:a1:e3:8d:2e:7a:dc:11:66:12:9b:f9:bb:8d:7d:d5:0e:57:cc:4e:89:0a:bf:27:24:68:97:37:c9:ea:55:87:a3:86:1c:e3:da:c3:21:ee:3d:b2:c8:6c:40:c6:40:7b:27:ce:61

Digest Algorithm

sha512

PE Digest Matches

true

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df
Signer

Actual PE Digest

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo

wintrust

WinVerifyTrust

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
WriteConsoleW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetEnvironmentVariableA
AreFileApisANSI
DecodePointer
SetStdHandle
RaiseException
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI00b5de0dbe05adc8
SI00f2097672333949
SI03ee1370ff2172fd
SI066df4a47deb7b95
SI07646c0ac405baf1
SI0a8f1a0337a9feb7
SI0e7c9abcb195c68c
SI12409cae6ddf2f1e
SI12a7c0808f3f99f2
SI150953dc62f0a879
SI1527d54f96ad891e
SI19b2677a019ab7ab
SI1ae480d1861ed022
SI1bc1bc471c8cd143
SI1c7a7970970b9619
SI21d24eac30bb9014
SI23e7cf9c8e559e93
SI2409c7e1eb500ce9
SI24bb313f312e2857
SI252aeb4a9d3dc2ff
SI2b5f6f3d24eb7ba3
SI2bc16556d60ccfcd
SI2c7820fd77bf7594
SI31a566678d8c54ab
SI327cfc7a6b1fd1fb
SI32b0162a49ae8729
SI36ddf861177da59c
SI36e67160052f7f69
SI3723ba2973e3b57b
SI3d45b939740dff51
SI3d527d6e902c8427
SI3efc17e9bbe52434
SI3f596ca698b243fc
SI3f8b1cdb4dc92eff
SI45d842f2d2322061
SI462a496f3247faf2
SI46481015c7f49c68
SI4983499b64278231
SI4987aea8bdedf163
SI4abff63f9a080046
SI4bf5a93645714882
SI4ceb9ee614df7639
SI4fb6877896ef7303
SI50a9b553ac0b2e2a
SI52058dea2268cd04
SI546abd8b90c0f48d
SI568a7d0a1f4d0ff4
SI588da80b6a264802
SI5b2b3e8bff031a75
SI5b7374ef2d63d8eb
SI5c7fb49466251e7d
SI609efcf96ea8408a
SI61a330d2e855b61b
SI633e1c91fb9a8aa1
SI674c3bc07fc17979
SI6901b186cfd089f2
SI69d8a1d378771295
SI6cfa851319f410c1
SI6d14611bb8b2c8bc
SI6e539204336d5b4b
SI70e4ec628dd7e188
SI7164645d0504ae24
SI72621cc08869a205
SI75fe921d50a95fe0
SI768767362ea03a94
SI783104ea11038afc
SI79f6c64948ab63d2
SI7f41c842e0d89557
SI8162bd921f89d839
SI824276b89178ecbe
SI83d1cf4976f57337
SI863e1ae0679961f5
SI87a11c29fe1dc17b
SI88974d2e6bd51eff
SI8a3a9f59ab5f24ee
SI8d447a033d183aaf
SI8d676d5954c732bc
SI8e33e5864c547f3f
SI9196a02c851acbfb
SI919f742193b92a4b
SI943321d364f02e5d
SI94d8f51c6c1db577
SI950480ab972e108d
SI9517b76a4f0b657e
SI9662fa92cee70cf1
SI979d7afd84d6f0ca
SI989b06a5a9b937fe
SI989b754accd7cddf
SI9c6d7cd7b7d38055
SI9cb7692f61998485
SIa069da76968b7553
SIa0f9dd1158cbfb0c
SIa26b8e5116b7d93b
SIa2a6050a8dbd3b7a
SIa3401e98cbad673e
SIa3f7b31190ce0815
SIa618e7f1e95b5c32
SIa62692883d0c456a
SIae9562605f0b7c06
SIb3f045f05d2d1b0e
SIb4089165600bb7f5
SIb4e97c410be9a2cf
SIb6d52d8cb2f1045a
SIb739af05c351a5b0
SIbc9b0b73a965892b
SIbff6307869d58daf
SIc001296960f3e921
SIc26100c97b176329
SIc28b5d2d1f102994
SIc38599462746964c
SIc3b0ae4f7a27b7a8
SIca6f27da046939cc
SIcbf931747ce28d75
SIcc134e65c80c0c61
SIcd6b4ac0aeff7202
SId6deafdcc0c75049
SId99ac2a61d035e11
SIdba35b6dcb77d463
SIdc2e4e1ccfa9a043
SIdc6920f226dceb74
SIde347320a2d725fa
SIdfd4d81e1791b463
SIe25e8f29ef2a78eb
SIe57aa77c8884d3f9
SIe6405dfd7b63ead9
SIe68a75d48671c8a5
SIe7632ce587b97772
SIea4313bfab0cfe57
SIea8388f7613ed158
SIec91f505db92f298
SIecd4a7ef4a5968a1
SIef12447577961bdf
SIf060fffd3e5c94b5
SIf21356bf3fa1a8ef
SIf216ef3874529d42
SIf356c1132676af25
SIf4199c70bfb81a15
SIf499bb5c421377e7
SIf71b64d343ddea8b
SIf8364af380546f2d
SIf86df75514f4442f
SIf8a71e249d9c661f
SIf8b1716e85b0e192
SIf8ee6276be88ce12
SIfc350ae509dc2b53
SIfca3960780d005fa
SIfd52d1389825aac4
SIfdb97bb7d9d0d622
_SI013768ea228eaf06@8
_SI050169b0f137dcac@12
_SI061f9351f6b79d40@8
_SI075258fe7332f5c9@0
_SI0b65268e19d3b81d@12
_SI0f556a49067bf550@8
_SI0fe7fecb92f1b44b@12
_SI15d5f41c81892f13@8
_SI24f5c83eaddd65e8@4
_SI2b074e8cf29cb472@16
_SI349980d776ee39ac@12
_SI3974af1f94b94613@12
_SI57335d3e329eea8d@12
_SI5887bf867911838d@12
_SI64119fb980b7e962@12
_SI6479b9cf07b87f67@8
_SI690ffdcfd9cda629@8
_SI6e6c544c028b2de9@4
_SI72b05b1ad5f34d61@12
_SI77ffe3fede90bfbb@32
_SI7a4943591207dd14@4
_SI7b97ee05aa1e64c7@12
_SI7c373366af3ee2f7@4
_SI7cd7250399b1ea60@4
_SI7da3b9691a73b4a2@12
_SI8dd2c969f2a6a31e@12
_SI9bf461db9bf83c22@8
_SI9ea49276dcf9849f@12
_SIa1d7e21a548b910c@4
_SIa8e1a742a358dc07@8
_SIa9b758d3ae2e9aea@12
_SIab3ed5feb3c43f0c@0
_SIada7f27769d7f95b@4
_SIb391996b7b633820@36
_SIb84ee16d149e7562@12
_SIb94a6bc97d77e69f@8
_SIc0bb4eab77f5a999@20
_SIc21d402df09e0c69@8
_SIc2d8715ee8c9e908@4
_SIc5d5610a73781fac@12
_SIc8c63d94dd03040b@44
_SIcd2334250b08e199@112
_SId00f524badf4f5cf@20
_SIdbbe1b52f304f379@4
_SIdca7c218fe9393fb@24
_SIdeb28053ce71d5b4@12
_SIe2cb515ade8c0235@12
_SIeea5cda6d9846aa5@12
_SIf8090240c1414098@4
_SIfcfad09d1b0a60ec@20
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_json_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings/VBoxC.dll
.dll regsvr32 windows:6 windows x64 arch:x64

38d81ae6fe77b18c50ff2c70993fd822

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:7e:83:ac:42:24:c1:ad:a0:cf:0a:5d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/01/2023, 01:45

Not After

01/03/2024, 14:11

Subject

SERIALNUMBER=42351168,CN=VEKTOR T13 TECHNOLOGIES LLC,O=VEKTOR T13 TECHNOLOGIES LLC,STREET=SEVERINA POTOTSKOGO STREET\, building 32\, apartment 85,L=Kharkiv,ST=Kharkiv Oblast,C=UA,1.2.840.113549.1.9.1=#0c1776656b746f727431334070726f746f6e6d61696c2e6368,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:7e:83:ac:42:24:c1:ad:a0:cf:0a:5d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/01/2023, 01:45

Not After

01/03/2024, 14:11

Subject

SERIALNUMBER=42351168,CN=VEKTOR T13 TECHNOLOGIES LLC,O=VEKTOR T13 TECHNOLOGIES LLC,STREET=SEVERINA POTOTSKOGO STREET\, building 32\, apartment 85,L=Kharkiv,ST=Kharkiv Oblast,C=UA,1.2.840.113549.1.9.1=#0c1776656b746f727431334070726f746f6e6d61696c2e6368,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:06:77:02:67:35:7a:50:04:22:31:1b:25:4e:9c:e6:d4:62:ba:53:97:a6:9a:26:a7:db:c5:d9:67:1b:25:b4
Signer

Actual PE Digest

59:06:77:02:67:35:7a:50:04:22:31:1b:25:4e:9c:e6:d4:62:ba:53:97:a6:9a:26:a7:db:c5:d9:67:1b:25:b4

Digest Algorithm

sha256

PE Digest Matches

true

7b:eb:4d:f4:f1:1a:a0:17:0f:e4:67:35:f9:51:ad:e7:2a:65:b9:cb
Signer

Actual PE Digest

7b:eb:4d:f4:f1:1a:a0:17:0f:e4:67:35:f9:51:ad:e7:2a:65:b9:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Devel\Antidetect4\Patreon\VirtualBox\out\win.amd64\release\obj\VBoxC\VBoxC.pdb

Imports

vcruntime140_1

__CxxFrameHandler4

vcruntime140

longjmp
memcpy
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
memset
__current_exception
strchr
_purecall
__RTtypeid
__std_type_info_name
__intrinsic_setjmp
strrchr
memchr
__RTDynamicCast
__C_specific_handler
__current_exception_context
__std_type_info_destroy_list

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vboxrt

RTVfsFileSetSize
RTVfsMemorizeIoStreamAsFile
RTVfsFileFromBuffer
RTVfsUtilPumpIoStreams
RTVfsChainOpenIoStream
RTEfiVarStoreOpenAsVfs
RTFileQuerySizeByPath
RTZipTarFsStreamFromIoStream
RTZipTarFsStreamToIoStream
??0RTCString@@QEAA@PEBDPEAD@Z
RTUuidCreate
RTUuidClear
RTUuidToStr
RTSemEventMultiCreate
RTSemEventMultiDestroy
RTSemEventMultiSignal
RTSemEventMultiReset
RTSemEventMultiWait
RTMemSaferScramble
RTMemSaferUnscramble
RTMemSaferAllocZExTag
RTMemSaferFree
RTPathExists
RTPathReal
RTPathAbs
RTPathCompare
RTPathQueryInfoEx
RTThreadSelf
RTThreadCreate
RTTlsAlloc
RTTlsGet
RTTlsSet
?cleanup@RTCString@@IEAAXXZ
RTUuidToUtf16
RTUuidFromUtf16
RTStrPrintf
RTStrStripR
RTStrCopy
RTStrCat
?setNull@RTCString@@QEAAXXZ
?printf@RTCString@@QEAAAEAV1@PEBDZZ
?equals@RTCString@@QEBA_NPEBD@Z
?equalsIgnoreCase@RTCString@@QEBA_NAEBV1@@Z
?equalsIgnoreCase@RTCString@@QEBA_NPEBD@Z
RTUuidFromStr
RTDirOpen
RTDirClose
RTDirReadEx
RTBldCfgRevision
RTBldCfgVersion
RTBldCfgTargetArch
RTBldCfgTargetDotArch
RTBldCfgCompiler
RTFileReadAllEx
RTFileReadAllFree
RTLdrGetSuff
RTLdrClose
RTLdrGetSymbol
RTPathAppend
RTPathJoin
RTPathAppPrivateNoArch
RTPathAppPrivateArch
RTPathAppPrivateArchTop
RTPathQueryInfo
RTPipeCreate
RTPipeClose
RTPipeReadBlocking
RTProcCreateEx
RTProcWait
SUPR3HardenedVerifyInit
SUPR3HardenedVerifyDir
SUPR3HardenedVerifyPlugIn
SUPR3HardenedLdrLoadPlugIn
RTMemTmpAllocTag
RTMemTmpFree
RTStrPrintfV
??0RTCString@@QEAA@PEBD_K@Z
?append@RTCString@@QEAAAEAV1@AEBV1@@Z
?append@RTCString@@QEAAAEAV1@PEBD@Z
RTPathStartsWithRoot
?getName@Node@xml@@QEBAPEBDXZ
?getValueN@Node@xml@@QEBAPEBD_K@Z
?findChildElementNS@ElementNode@xml@@QEBAPEBV12@PEBD0@Z
?getAttributeValue@ElementNode@xml@@QEBA_NPEBDPEAI0@Z
?getAttributeValueN@ElementNode@xml@@QEBA_NPEBDPEAPEBD_K0@Z
?getAttributeValueN@ElementNode@xml@@QEBA_NPEBDPEAVRTCString@@_K0@Z
??0Document@xml@@QEAA@XZ
??1Document@xml@@QEAA@XZ
?getRootElement@Document@xml@@QEAAPEAVElementNode@2@XZ
??0XmlFileParser@xml@@QEAA@XZ
??1XmlFileParser@xml@@QEAA@XZ
?read@XmlFileParser@xml@@QEAAXAEBVRTCString@@AEAVDocument@2@@Z
RTMemAllocZTag
RTMemDupTag
RTReqQueueCreate
RTReqQueueDestroy
RTReqQueueProcess
RTReqQueueCall
RTReqQueueCallEx
RTReqRelease
?assignNoThrow@RTCString@@QEAAHPEBD@Z
RTStrCmp
RTStrNCmp
RTLogRelSetDefaultInstance
RTLogDestroy
RTMemWipeThoroughly
RTStrDupNTag
RTStrPurgeEncoding
RTStrCalcUtf16LenEx
RTStrToUtf16ExTag
RTStrNICmp
RTStrToUInt64
RTUtf16Len
RTUtf16Cmp
RTUtf16LocaleICmp
?length@RTCString@@QEBA_KXZ
?reserve@RTCString@@QEAAX_K@Z
?reserveNoThrow@RTCString@@QEAAH_K@Z
?appendPrintf@RTCString@@QEAAAEAV1@PEBDZZ
?mutableRaw@RTCString@@QEAAPEADXZ
?jolt@RTCString@@QEAAXXZ
?equals@RTCString@@QEBA_NAEBV1@@Z
??9RTCString@@QEBA_NPEBD@Z
?contains@RTCString@@QEBA_NPEBDW4CaseSensitivity@1@@Z
RTUuidCompare
ASMAtomicCmpXchgU8
SUPR3HardenedLdrLoadAppPriv
RTDirExists
RTDirCreateFullPath
RTDirFlush
RTVfsFileFlush
RTFileRename
RTProcSetPriority
RTBase64DecodedSize
RTBase64Decode
RTLogRelGetDefaultInstance
RTLogGroupSettings
RTStrDupTag
RTStrToUpper
RTStrToUInt64Full
RTStrToUInt32Full
RTStrToUInt16
?append@RTCString@@QEAAAEAV1@D@Z
??YRTCString@@QEAAAEAV0@PEBD@Z
?replace@RTCString@@QEAAAEAV1@_K0AEBV1@@Z
?replace@RTCString@@QEAAAEAV1@_K0PEBD@Z
?compare@RTCString@@QEBAHPEBDW4CaseSensitivity@1@@Z
??8RTCString@@QEBA_NPEBD@Z
?find@RTCString@@QEBA_KPEBD_K@Z
?substr@RTCString@@QEBA?AV1@_K0@Z
?endsWith@RTCString@@QEBA_NAEBV1@W4CaseSensitivity@1@@Z
?toUInt32@RTCString@@QEBAIXZ
?toUInt64@RTCString@@QEBA_KXZ
??H@YA?BVRTCString@@PEBDAEBV0@@Z
RTFsQueryType
RTFsTypeName
RTPathEnsureTrailingSeparator
RTPathUserHome
RTSystemQueryDmiString
??0RTCError@@QEAA@AEBVRTCString@@@Z
??0RTCError@@QEAA@AEBV0@@Z
??1RTCError@@UEAA@XZ
CheckSerial
RTHttpCreate
RTHttpDestroy
RTHttpUseSystemProxySettings
RTHttpQueryProxyInfoForUrl
RTHttpFreeProxyInfo
RTSocketParseInetAddress
RTUriParse
RTUriParsedScheme
RTUriParsedAuthorityUsername
RTUriParsedAuthorityPassword
RTUriParsedAuthorityHost
RTUriParsedAuthorityPort
?what@RTCError@@UEBAPEBDXZ
?npos@RTCString@@2_KB
RTStrStrip
RTStrToInt32Full
ASMAtomicXchgU8
RTRandU32Ex
RTSocketRetain
RTSocketRelease
RTTcpServerCreateEx
RTTcpServerDestroy
RTTcpServerListen
RTTcpServerShutdown
RTTcpClientConnect
RTTcpClientClose
RTTcpRead
RTTcpWrite
RTTcpSetSendCoalescing
RTTcpSelectOne
RTTcpGetPeerAddress
RTTcpSgWriteL
RTAssertMsg1Weak
RTTimerLRDestroy
RTTimerLRStart
RTVfsFileRead
RTThreadUserSignal
RTThreadUserWait
RTStrNLenEx
RTStrToUInt32
RTPathHasPath
RTTimeNow
RTSemXRoadsCreate
RTSemXRoadsDestroy
RTSemXRoadsNSEnter
RTSemXRoadsNSLeave
RTSemXRoadsEWEnter
RTSemXRoadsEWLeave
?count@RTCString@@QEBA_KD@Z
RTTimeNanoTS
RTTimerLRCreate
??0RTCString@@QEAA@PEBD@Z
RTTimerLRChangeInterval
?contains@RTCString@@QEBA_NAEBV1@W4CaseSensitivity@1@@Z
RTLogGetDefaultInstance
RTLogQueryGroupSettings
RTLogQueryFlags
RTLogQueryDestinations
RTThreadGetName
RTStrFormatV
RTStrStartsWith
RTProcSelf
RTErrConvertFromWin32
RTMemTmpAllocZTag
RTUtf16Copy
RTLdrGetSystemSymbol
RTUtf16ToUtf8Tag
RTStrAPrintfVTag
RTStrStripL
??8RTCString@@QEBA_NAEBV0@@Z
?split@RTCString@@QEBA?AV?$RTCList@VRTCString@@PEAV1@@@AEBV1@W4SplitMode@1@@Z
RTFileExists
RTFileOpen
RTFileClose
RTSystemGetNtVersion
RTLocaleQueryNormalizedBaseLocaleName
RTOnceSlow
RTStrPrintf2
RTTlsFree
RTStrCacheCreate
RTStrCacheDestroy
RTCritSectRwInit
RTCritSectRwEnterShared
RTCritSectRwLeaveShared
RTCritSectRwEnterExcl
RTCritSectRwLeaveExcl
RTFileReadAll
RTStrHash1
RTStrCacheEnterN
RTUtf16BigToUtf8ExTag
RTNetStrToMacAddr
RTErrInfoSet
RTCircBufCreate
RTCircBufDestroy
RTCircBufUsed
RTCircBufAcquireReadBlock
RTCircBufReleaseReadBlock
RTCircBufAcquireWriteBlock
RTCircBufReleaseWriteBlock
RTStrVersionCompare
?findReplace@RTCString@@QEAAXDD@Z
??H@YA?BVRTCString@@AEBV0@0@Z
??H@YA?BVRTCString@@AEBV0@PEBD@Z
RTTimeSystemMilliTS
RTDirCreate
RTDirEntryExIsStdDotLink
RTVfsQueryPathInfo
RTVfsFileOpen
RTEnvCreateEx
RTEnvClone
RTEnvDestroy
RTEnvCreateChangeRecordEx
RTEnvIsChangeRecord
RTEnvApplyChanges
RTFileWrite
RTFsIso9660VolOpen
RTStrIsValidEncoding
RTStrEnd
RTStrToInt64
RTStrToInt16
?erase@RTCString@@QEAAAEAV1@_K0@Z
RTTimeSpecFromString
RTPathChangeToDosSlashes
RTPathChangeToUnixSlashes
RTPathFilenameEx
RTPathParse
RTRandU32
RTEnvQueryUtf8Block
RTEnvFreeUtf8Block
RTEnvCountEx
RTEnvGetByIndexRawEx
RTGetOptArgvToString
RTStrValidateEncodingEx
ASMBitFirstClear
ASMBitNextClear
RTEnvReset
RTEnvExistEx
RTEnvGetEx
RTEnvPutEx
RTEnvSetEx
RTEnvUnsetEx
RTStrNLen
RTStrAAppendTag
RTAvlU32Insert
RTAvlU32Remove
RTAvlU32Get
RTThreadYield
RTR3InitDll
RTStrAllocTag
RTStrGetCpExInternal
RTUtf16NCmpUtf8
RTUtf16ToUtf8ExTag
RTUtf16GetCpExInternal
?find@RTCString@@QEBA_KPEBV1@_K@Z
RTPathStripFilename
RTPathStripTrailingSlash
g_aRTUniUpperRanges
g_aRTUniLowerRanges
RTTimeSpecToString
RTDirCreateUniqueNumbered
RTDirRemove
RTPathTemp
RTDirIsValid
RTDirQueryInfo
RTFileRead
RTFileIsValid
RTFileQueryInfo
RTFileSetMode
RTPathEnsureTrailingSeparatorEx
RTPathFindCommon
RTPathParentLength
RTPathStartsWith
RTStrSplit
RTUriFileCreate
RTUriFilePath
RTUriFilePathEx
RTStrPurgeComplementSet
RTStrStr
RTVfsFileWrite
RTVfsFileRetain
RTVfsFileToIoStream
RTVfsIoStrmRelease
RTVfsIoStrmOpenNormal
RTVfsFsStrmAdd
RTVfsFsStrmNext
RTVfsFsStrmRelease
RTVfsObjFromFile
RTVfsObjToIoStream
RTVfsObjQueryInfo
RTVfsObjRelease
RTVfsRelease
RTUuidCompare2Strs
RTUuidIsNull
??MRTCString@@QEBA_NAEBV0@@Z
??9RTCString@@QEBA_NAEBV0@@Z
RTStrFree
RTSha512FromString
RTSha512ToString
RTSha512
?startsWith@RTCString@@QEBA_NAEBV1@W4CaseSensitivity@1@@Z
RTThreadWait
RTStrICmp
RTTimeMilliTS
RTSemEventWait
RTSemEventSignal
RTSemEventDestroy
RTSemEventCreate
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx
?printfV@RTCString@@QEAAAEAV1@PEBDPEAD@Z
??0RTCString@@QEAA@AEBV0@@Z
RTCritSectLeave
RTCritSectEnter
RTAssertShouldPanic
RTThreadSleep
RTMemFree
RTMemReallocTag
RTMemAllocTag
?isNotEmpty@RTCString@@QEBA_NXZ
?isEmpty@RTCString@@QEBA_NXZ
?c_str@RTCString@@QEBAPEBDXZ
??4RTCString@@QEAAAEAV0@AEBV0@@Z
??1RTCString@@UEAA@XZ
??0RTCString@@QEAA@XZ
RTCritSectDelete
RTCritSectInit
RTVfsFileQuerySize
RTVfsFileSeek
RTVfsFileTell
RTVfsFileWriteAt
RTVfsFileReadAt
RTVfsFileRelease
RTVfsFileOpenNormal
RTFileDelete
??4RTCString@@QEAAAEAV0@PEBD@Z
RTTimerLRStop
RTAssertMsg2Weak
RTCritSectRwInitEx
RTCritSectRwDelete
RTCritSectRwIsWriteOwner
RTCritSectRwIsReadOwner
RTCritSectRwGetWriteRecursion
RTSystemQueryOSInfo
RTSystemQueryTotalRam
RTSystemQueryAvailableRam
RTSystemQueryFirmwareType
RTSystemFirmwareTypeName
RTSystemQueryFirmwareBoolean
RTProcGetExecutablePath
RTLogCreateEx
RTLogSetBuffering
RTLogFlush
RTTimerLRCreateEx

api-ms-win-crt-runtime-l1-1-0

_initterm_e
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

strpbrk
strncmp
strncpy
strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-stdio-l1-1-0

fwrite
__acrt_iob_func
fflush
__stdio_common_vfprintf

kernel32

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
DisableThreadLibraryCalls
GetUserDefaultLCID
GetLocaleInfoA
WideCharToMultiByte
OpenMutexW
WaitForSingleObject
ReleaseMutex
SetEvent
GetLastError
CloseHandle
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateEventW

advapi32

QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
StringFromIID
CoUninitialize

oleaut32

SafeArrayDestroy
SafeArrayRedim
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
GetErrorInfo
SetErrorInfo
SysAllocString
SafeArrayGetVartype
SysAllocStringLen
SysReAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayGetIID
SafeArrayCreateEx
SafeArrayCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBoxDriversRegister

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings/VBoxDD.dll
.dll windows:6 windows x64 arch:x64

05c3b514e479e7f29b3ef5540c6e1aca

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:7e:83:ac:42:24:c1:ad:a0:cf:0a:5d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/01/2023, 01:45

Not After

01/03/2024, 14:11

Subject

SERIALNUMBER=42351168,CN=VEKTOR T13 TECHNOLOGIES LLC,O=VEKTOR T13 TECHNOLOGIES LLC,STREET=SEVERINA POTOTSKOGO STREET\, building 32\, apartment 85,L=Kharkiv,ST=Kharkiv Oblast,C=UA,1.2.840.113549.1.9.1=#0c1776656b746f727431334070726f746f6e6d61696c2e6368,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:7e:83:ac:42:24:c1:ad:a0:cf:0a:5d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/01/2023, 01:45

Not After

01/03/2024, 14:11

Subject

SERIALNUMBER=42351168,CN=VEKTOR T13 TECHNOLOGIES LLC,O=VEKTOR T13 TECHNOLOGIES LLC,STREET=SEVERINA POTOTSKOGO STREET\, building 32\, apartment 85,L=Kharkiv,ST=Kharkiv Oblast,C=UA,1.2.840.113549.1.9.1=#0c1776656b746f727431334070726f746f6e6d61696c2e6368,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dc:2f:0b:00:00:4a:55:7a:47:52:33:6d:5e:0d:70:ba:73:0d:b9:4f:6e:90:a2:72:6f:d8:45:51:45:83:6d:4a
Signer

Actual PE Digest

dc:2f:0b:00:00:4a:55:7a:47:52:33:6d:5e:0d:70:ba:73:0d:b9:4f:6e:90:a2:72:6f:d8:45:51:45:83:6d:4a

Digest Algorithm

sha256

PE Digest Matches

true

91:f8:58:64:39:fb:83:fb:ac:0d:03:a6:78:55:5e:67:23:97:0e:fd
Signer

Actual PE Digest

91:f8:58:64:39:fb:83:fb:ac:0d:03:a6:78:55:5e:67:23:97:0e:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Devel\Antidetect4\Patreon\VirtualBox\out\win.amd64\release\obj\VBoxDD\VBoxDD.pdb

Imports

vcruntime140

__std_terminate
memcmp
strstr
memmove
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcpy
strchr
longjmp
__std_type_info_destroy_list
__C_specific_handler
__intrinsic_setjmp

vcruntime140_1

__CxxFrameHandler4

vboxrt

RTNetIPv6PseudoChecksumEx
RTNetUDPChecksum
RTNetTCPChecksum
RTStrStripL
RTStrStripR
RTMemCacheAlloc
RTSerialPortOpen
RTSerialPortClose
RTSerialPortReadNB
RTSerialPortWriteNB
RTSerialPortCfgSet
RTSerialPortEvtPoll
RTSerialPortEvtPollInterrupt
RTSerialPortChgBreakCondition
RTSerialPortChgStatusLines
RTSerialPortQueryStatusLines
RTErrConvertFromWin32
RTPipeCreate
RTPipeClose
RTPipeRead
RTPipeReadBlocking
RTPipeWriteBlocking
RTPoll
RTPollSetCreate
RTPollSetDestroy
RTPollSetAdd
RTPollSetRemove
RTPollSetEventsChange
RTStrToUInt32Ex
RTSocketReadNB
RTSocketWriteNB
RTTcpServerCreateEx
RTTcpServerListen2
RTTcpServerDisconnectClient2
RTTcpServerShutdown
RTTcpClientConnect
RTStrFree
RTStrAPrintfVTag
RTStrToUpper
RTSgBufReset
RTSgBufGetNextSegment
ASMAtomicCmpXchgU8
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRequest
RTSemFastMutexRelease
RTSemRWCreate
RTSemRWDestroy
RTSemRWRequestRead
RTSemRWReleaseRead
RTSemRWRequestWrite
RTSemRWReleaseWrite
RTMemPageAllocZTag
RTMemSaferAllocZExTag
RTSgBufInit
RTCritSectTryEnter
RTTimeProgramNanoTS
RTProcSelf
RTPathRealDup
RTBldCfgVersion
RTTraceLogWrCreateFile
RTTraceLogWrDestroy
RTTraceLogWrEvtAddL
RTPathExists
RTPathReal
RTStrDupTag
RTStrNCmp
RTSemEventWaitNoResume
RTHeapSimpleRelocate
RTHeapSimpleAlloc
RTHeapSimpleFree
RTHeapOffsetAlloc
RTHeapOffsetFree
RTStrFormat
RTStrFormatTypeRegister
RTStrIStr
RTStrToUInt32
RTLogRelSetBuffering
ASMAtomicBitClear
RTAvlU32Insert
RTStrAPrintf2VTag
RTAvlU32Remove
RTAvlU32Get
ASMMemFirstNonZero
RTAvlU32DoWithAll
RTMemTmpAllocZTag
RTThreadGetNative
RTSortShell
RTLdrLoadSystem
RTLdrGetSymbol
RTLdrGetSystemSymbol
RTAvlU32Destroy
RTStrAllocExTag
RTStrCopyEx
RTStrStr
RTTcpClientCloseEx
RTTcpRead
RTTcpWrite
RTTcpSetSendCoalescing
RTTcpSgWrite
RTTcpReadNB
RTPipeWrite
RTSgBufCopyToBuf
RTSgBufCopyFromBuf
RTSemEventMultiWaitEx
ASMBitFirstSet
RTThreadSelf
RTStrToUtf16ExTag
RTReqQueueCreate
RTReqQueueDestroy
RTReqQueueProcess
RTReqQueueCallV
RTReqRelease
RTReqWait
RTPathSuffix
RTBldCfgTargetDotArch
RTSystemQueryOSInfo
RTRandU32
RTSemMutexCreate
RTSemMutexDestroy
RTSemMutexRequest
RTSemMutexRelease
RTCrc32
RTNetIPv4PseudoChecksum
RTSocketParseInetAddress
RTUdpServerCreate
RTUdpServerDestroy
RTUdpRead
RTUdpWrite
RTSgBufCopyToFn
RTSgBufCopyFromFn
RTSocketWrite
RTSocketSelectOne
RTSocketSgWrite
RTJsonParseFromBuf
RTJsonValueRelease
RTJsonValueQueryString
RTJsonValueQueryByName
RTSgBufCopy
RTSgBufClone
??1RTCString@@UEAA@XZ
RTSgBufIsZero
RTTimeSystemMilliTS
RTAvlrFileOffsetInsert
RTAvlrFileOffsetRemove
RTAvlrFileOffsetGetBestFit
RTAvlrFileOffsetRangeGet
RTAvlrFileOffsetDestroy
RTMsgError
RTTraceLogWrCreateTcpServer
RTTraceLogWrCreateTcpClient
RTSgBufSet
RTReqQueueCallEx
RTStrNLen
RTFileReadAllEx
RTFileReadAllFree
RTStrToInt32Full
RTCircBufCreate
RTCircBufDestroy
RTCircBufReset
RTCircBufFree
RTCircBufUsed
RTCircBufSize
RTCircBufAcquireReadBlock
RTCircBufReleaseReadBlock
RTCircBufAcquireWriteBlock
RTCircBufReleaseWriteBlock
ASMMultU32ByU32DivByU32
RTCircBufOffsetRead
RTTimeToString
RTDirCreateFullPath
RTFileWriteAt
RTFileIsValid
RTMemAllocVarTag
RTStrPrintf2
RTPathEnsureTrailingSeparator
RTPathTemp
ASMMemFirstMismatchingU8
RTMemAllocZVarTag
RTCritSectRwInit
RTCritSectRwEnterShared
RTCritSectRwLeaveShared
RTCritSectRwEnterExcl
RTCritSectRwLeaveExcl
RTCritSectRwDelete
RTReqPoolCreate
RTReqPoolRelease
RTReqPoolSetCfgVar
RTReqPoolCallEx
RTReqPoolCallVoidNoWait
RTReqCancel
RTTimeSpecToString
RTDirRemove
RTEnvGetEx
RTFileSeek
RTFileTell
RTIniFileRelease
RTRandU32Ex
RTUuidCreate
RTUuidToStr
RTZipTarCmd
RTPathAbs
RTPathJoin
RTCrc32Start
RTCrc32Process
RTCrc32Finish
RTMemReallocZTag
RTStrPrintfV
BN_CTX_new
RTTcpServerDestroy
RTTcpClientConnectEx
RTTcpClientCancelConnect
RTTcpClientClose
RTTcpSelectOne
RTStrmPrintf
RTFileExists
RTSystemGetNtVersion
RTUuidFromUtf16
RTUtf16ToUtf8ExTag
RTUtf16CalcUtf8Len
RTLdrClose
RTStrToUtf16Tag
RTUtf16Free
RTUtf16Len
RTUtf16Cmp
RTUtf16ICmp
RTUtf16ICmpUtf8
RTCidrStrToIPv4
RTPathAbsDup
RTUtf16ToUtf8Tag
RTStrNICmp
RTStrToLower
RTStrSimplePatternMultiMatch
RTStrNLenEx
RTStrToInt64Full
RTPathSkipRootSpec
RTFileToNative
RTFileFlush
RTPathFilename
RTLdrLoad
RTMemProtect
BN_CTX_free
RTNetIPv4HdrChecksum
SUPR3IsDriverless
SUPSemEventWaitNoResume
SUPSemEventSignal
SUPSemEventClose
SUPSemEventCreate
RTLogPrintf
RTThreadPoke
RTTestFailed
RTTestSubErrorCount
RTTestErrorCount
RTTestErrorInc
RTTestValue
RTTestSkipped
RTTestSubDone
RTTestSub
RTTestSummaryAndDestroy
RTTestBanner
RTTestPrintf
RTTestChangeName
RTTestCreateEx
RTStrStrip
RTMemCacheFree
RTMemCacheAllocEx
RTMemCacheDestroy
RTMemCacheCreate
RTMemSaferFree
RTMemSaferAllocZTag
RTMemWipeThoroughly
RTMemPageFree
RTMemPageAllocTag
RTMemFreeZ
RTSystemQueryTotalRam
RTStrToUInt8Full
RTStrEnd
RTStrCopy
RTStrValidateEncoding
RTBldCfgVersionBuild
RTBldCfgVersionMinor
RTBldCfgVersionMajor
RTBldCfgRevision
RTFileMove
RTFileDelete
RTDirExists
RTPathAppend
RTTimeNow
RTUdpCreateClientSocket
RTSocketShutdown
RTSocketRead
RTSocketWriteTo
RTSocketClose
RTSocketRetain
RTSemEventMultiWait
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiDestroy
RTSemEventMultiCreate
RTThreadCreate
g_abRTZero64K
RTVfsFileQuerySize
RTVfsFileReadAt
RTVfsFileRelease
RTVfsFileOpenNormal
?split@RTCString@@QEBA?AV?$RTCList@VRTCString@@PEAV1@@@AEBV1@W4SplitMode@1@@Z
?toInt@RTCString@@QEBAHAEAI@Z
?toUInt32@RTCString@@QEBAIXZ
?toInt32@RTCString@@QEBAHXZ
RTThreadUserSignal
?c_str@RTCString@@QEBAPEBDXZ
RTThreadWait
RTThreadCreateF
RTThreadYield
RTThreadSleep
RTFileQuerySize
RTMemAllocTag
RTFileWrite
RTFileRead
RTFileClose
RTFileOpen
RTMemFree
RTMemAllocZTag
RTAvlU64Destroy
RTAvlU64DoWithAll
RTAvlU64Get
RTAvlU64Remove
RTAvlU64Insert
ASMAtomicXchgU8
RTStrToUInt16Full
RTStrPrintf
RTMemTmpFree
RTMemTmpAllocTag
RTStrCmp
RTSemEventWait
RTSemEventSignal
RTSemEventDestroy
RTSemEventCreate
RTCritSectDelete
RTCritSectLeave
RTCritSectEnter
RTCritSectInit
RTUuidCompare2Strs
RTStrCatP
RTLogLoggerEx
??0RTCString@@QEAA@PEBD@Z
??0RTCString@@QEAA@AEBV0@@Z
??0RTCString@@QEAA@XZ
RTSystemQueryDmiString
RTUuidFromStr
RTMemReallocTag
mempcpy
RTTimeLocalExplode
RTTimeExplode
RTFileReadAt
RTMemDupTag
RTStrICmp
ASMMultU64ByU32DivByU32
RTUuidIsNull
RTUuidClear
RTTimeMilliTS
RTTimeNanoTS
ASMNopPause
RTMpGetOnlineCount
RTThreadUserReset
RTSgBufCmp
RTThreadUserWait
RTLogRelGetDefaultInstanceEx
RTAssertShouldPanic
RTAssertMsg2Weak
RTAssertMsg1Weak
DES_set_key_unchecked
BN_value_one
BN_is_one
BN_is_zero
BN_free
RTSgBufAdvance
DES_ecb3_encrypt
Camellia_decrypt
Camellia_encrypt
Camellia_set_key
AES_decrypt
EC_POINT_mul
EC_POINTs_mul
EC_POINT_add
EC_POINT_get_affine_coordinates
EC_POINT_set_affine_coordinates
EC_POINT_clear_free
EC_POINT_free
EC_POINT_new
EC_GROUP_new_curve_GFp
EC_GROUP_set_generator
EC_GROUP_free
BN_copy
SHA512_Final
SHA512_Update
SHA512_Init
SHA384_Final
SHA384_Update
SHA384_Init
SHA256_Final
SHA256_Update
SHA256_Init
AES_ofb128_encrypt
AES_cbc_encrypt
AES_encrypt
AES_set_decrypt_key
AES_set_encrypt_key
ERR_get_error_line_data
RSA_padding_check_PKCS1_OAEP
RSA_padding_add_PKCS1_OAEP
RSA_padding_check_PKCS1_type_2
RSA_padding_add_PKCS1_type_2
RSA_padding_add_PKCS1_type_1
BN_clear_free
BN_set_flags
RTSgBufCmpEx
RTMsgErrorRc
RSA_verify
RSA_sign
RSA_free
RSA_private_decrypt
RSA_private_encrypt
RSA_public_encrypt
RSA_generate_key_ex
RSA_get0_factors
RSA_get0_key
RSA_set0_key
RSA_size
RSA_new
SHA1_Final
SHA1_Update
SHA1_Init
RAND_add
RAND_bytes
BN_mod_inverse
BN_rshift
BN_mask_bits
BN_mod_exp
BN_lshift
BN_mod_mul
BN_mod_add
BN_div
BN_mul
BN_add
BN_sub
BN_bn2bin
BN_bin2bn
BN_new
BN_num_bits
BN_CTX_end
BN_CTX_get
BN_CTX_start

vboxddu

USBFilterSetNumExpression
USBFilterSetNumExact
USBFilterMatchRated
USBFilterInit
VSCSIIoReqUnmapParamsGet
VSCSIIoReqParamsGet
VSCSIIoReqTxDirGet
VSCSIIoReqCompleted
VSCSILunUnmountNotify
VSCSILunMountNotify
VSCSILunDestroy
VSCSILunCreate
VSCSIDeviceReqCreate
VSCSIDeviceReqEnqueue
VSCSIDeviceLunQueryType
VSCSIDeviceLunDetach
VSCSIDeviceLunAttach
VSCSIDeviceDestroy
VSCSIDeviceCreate
VDIfTcpNetInstDefaultDestroy
VDIfTcpNetInstDefaultCreate
VDAsyncDiscardRanges
VDAsyncFlush
VDAsyncWrite
VDAsyncRead
VDDiscardRanges
VDGetUuid
VDSetOpenFlags
VDGetOpenFlags
VDRegionListFree
VDQueryRegions
VDSetLCHSGeometry
VDGetLCHSGeometry
VDSetPCHSGeometry
VDGetPCHSGeometry
VDGetSize
VDGetSectorSize
VDIsReadOnly
VDFlush
VDWrite
VDRead
VDFilterRemove
VDMerge
VDFilterAdd
VDCacheOpen
VDOpen
VDDestroy
VDCreate
VDPluginLoadFromFilename

vboxdd2

g_cbEfiFirmware64
g_abEfiFirmware64
g_cbEfiFirmware32
g_abEfiFirmware32
g_cbNetBiosBinary
g_abNetBiosBinary
g_cbPcBiosBinary8086
g_abPcBiosBinary8086
g_cbPcBiosBinary286
g_abPcBiosBinary286
g_cbPcBiosBinary386
g_abPcBiosBinary386
g_cbVgaBiosBinary8086
g_abVgaBiosBinary8086
g_cbVgaBiosBinary286
g_abVgaBiosBinary286
g_cbVgaBiosBinary386
g_abVgaBiosBinary386

kernel32

TerminateProcess
CreateFileA
FlushFileBuffers
ReadFile
WriteFile
CloseHandle
GetCurrentProcess
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
GetOverlappedResult
SetEvent
CreateEventA
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DeviceIoControl
GetDriveTypeA
GetVersionExA
GetModuleHandleA
CreateNamedPipeA
WaitForMultipleObjects
GetSystemPowerStatus

user32

SetWindowLongPtrA
GetWindowLongPtrA
CreateWindowExA
RegisterClassA
PostQuitMessage
PostMessageA
GetDesktopWindow
LoadIconA
LoadCursorA
SetWindowLongA
GetWindowLongW
SetWindowPos
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcA
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
CM_Free_Log_Conf_Handle
SetupDiEnumDeviceInfo
CM_Get_First_Log_Conf
CM_Get_Res_Des_Data
CM_Get_Res_Des_Data_Size
CM_Get_Next_Res_Des
CM_Free_Res_Des_Handle

ws2_32

htonl
inet_ntoa
WSAGetLastError
ntohs
WSASetEvent
WSAWaitForMultipleEvents
getsockname
ioctlsocket
inet_addr
htons
gethostbyname
send
WSAStartup
WSACleanup
gethostbyaddr
WSAEnumNetworkEvents
WSAEventSelect
bind
closesocket
getsockopt
connect
accept
WSARecvFrom
WSASetLastError
socket
shutdown
ntohl
setsockopt
sendto
recv
listen

ole32

CoTaskMemFree
CoCreateInstance
PropVariantClear

iphlpapi

IcmpSendEcho2
IcmpCloseHandle
IcmpCreateFile
IcmpParseReplies

ntdll

NtQueryVolumeInformationFile

api-ms-win-crt-stdio-l1-1-0

fopen_s
ftell
fseek
fread
__stdio_common_vsscanf
__stdio_common_vsprintf
fwrite
fclose
fopen
fflush

api-ms-win-crt-string-l1-1-0

strcmp
_strdup
strncpy
strncmp
strpbrk

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_crt_atexit
_errno
strerror
_cexit
_initialize_onexit_table
_initterm_e
_configure_narrow_argv
abort
_wassert
_getpid
_initterm
_seh_filter_dll
_initialize_narrow_environment
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

sin

api-ms-win-crt-time-l1-1-0

_ftime64
clock

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-utility-l1-1-0

srand
rand

Exports

Exports

AlgorithmGetImplementedVector
Array_Unmarshal
BnAdd
BnAddWord
BnCopy
BnCurveFree
BnCurveInitialize
BnDiv
BnEccAdd
BnEccModMult
BnEccModMult2
BnFrom2B
BnFromBytes
BnGenerateRandomInRange
BnGenerateRandomInRangeAllBytes
BnGetRandomBits
BnInit
BnInitializePoint
BnInitializeWord
BnMaskBits
BnModExp
BnModInverse
BnModMult
BnModWord
BnMsb
BnMult
BnPointFrom2B
BnPointTo2B
BnSetBit
BnSetTop
BnSetWord
BnShiftRight
BnSizeInBits
BnSub
BnSubWord
BnTestBit
BnTo2B
BnToBytes
BnUnsignedCmp
BnUnsignedCmpWord
CryptDigestUpdate
CryptDigestUpdate2B
CryptDigestUpdateInt
CryptEcc2PhaseKeyExchange
CryptEccCommitCompute
CryptEccGenerateKey
CryptEccGetCurveByIndex
CryptEccGetKeySizeForCurve
CryptEccGetParameter
CryptEccGetParametersByCurveId
CryptEccIsCurveRuntimeUsable
CryptEccIsPointOnCurve
CryptEccIsValidPrivateKey
CryptEccNewKeyPair
CryptEccPointMultiply
CryptEccSign
CryptEccValidateSignature
CryptGetSymmetricBlockSize
CryptHashBlock
CryptHashEnd
CryptHashEnd2B
CryptHashGetAlgByIndex
CryptHashGetBlockSize
CryptHashGetDigestSize
CryptHashStart
CryptHmacEnd
CryptHmacEnd2B
CryptHmacStart
CryptHmacStart2B
CryptKDFa
CryptKDFe
CryptMGF_KDF
CryptRandInit
CryptRandStartup
CryptRandomGenerate
CryptRandomStir
CryptRsaDecrypt
CryptRsaEncrypt
CryptRsaGenerateKey
CryptRsaSign
CryptRsaValidateSignature
CryptSelfTest
CryptSymmetricDecrypt
CryptSymmetricEncrypt
CryptTestAlgorithm
DRBG_AdditionalData
DRBG_Generate
DRBG_GetSeedCompatLevel
DRBG_Instantiate
DRBG_InstantiateSeeded
DRBG_InstantiateSeededKdf
DRBG_Uninstantiate
DivideB
EcPointInitialized
ExecuteCommand
FindNthSetBit
INT8_Unmarshal
MemoryCopy2B
Msb
PrimeSelectWithSieve
PrimeSieve
RsaAdjustPrimeCandidate
RsaAdjustPrimeLimit
RsaNextPrime
SM2KeyExchange
SupportLibInit
TPM2B_AUTH_Unmarshal
TPM2B_CONTEXT_DATA_Unmarshal
TPM2B_DATA_Unmarshal
TPM2B_DIGEST_Unmarshal
TPM2B_ECC_PARAMETER_Unmarshal
TPM2B_ECC_POINT_Unmarshal
TPM2B_ENCRYPTED_SECRET_Unmarshal
TPM2B_EVENT_Unmarshal
TPM2B_ID_OBJECT_Unmarshal
TPM2B_IV_Unmarshal
TPM2B_LABEL_Unmarshal
TPM2B_MAX_BUFFER_Unmarshal
TPM2B_MAX_NV_BUFFER_Unmarshal
TPM2B_NAME_Unmarshal
TPM2B_NONCE_Unmarshal
TPM2B_NV_PUBLIC_Unmarshal
TPM2B_PRIVATE_KEY_RSA_Unmarshal
TPM2B_PRIVATE_Unmarshal
TPM2B_PUBLIC_KEY_RSA_Unmarshal
TPM2B_PUBLIC_Unmarshal
TPM2B_SENSITIVE_CREATE_Unmarshal
TPM2B_SENSITIVE_DATA_Unmarshal
TPM2B_SENSITIVE_Unmarshal
TPM2B_SYM_KEY_Unmarshal
TPM2B_TEMPLATE_Unmarshal
TPM2B_TIMEOUT_Unmarshal
TPM2B_Unmarshal
TPMA_ALGORITHM_Unmarshal
TPMA_CC_Unmarshal
TPMA_LOCALITY_Unmarshal
TPMA_NV_Unmarshal
TPMA_OBJECT_Unmarshal
TPMA_SESSION_Unmarshal
TPMI_AES_KEY_BITS_Unmarshal
TPMI_ALG_CIPHER_MODE_Unmarshal
TPMI_ALG_ECC_SCHEME_Unmarshal
TPMI_ALG_HASH_Unmarshal
TPMI_ALG_KDF_Unmarshal
TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal
TPMI_ALG_MAC_SCHEME_Unmarshal
TPMI_ALG_PUBLIC_Unmarshal
TPMI_ALG_RSA_DECRYPT_Unmarshal
TPMI_ALG_RSA_SCHEME_Unmarshal
TPMI_ALG_SIG_SCHEME_Unmarshal
TPMI_ALG_SYM_MODE_Unmarshal
TPMI_ALG_SYM_OBJECT_Unmarshal
TPMI_ALG_SYM_Unmarshal
TPMI_CAMELLIA_KEY_BITS_Unmarshal
TPMI_DH_CONTEXT_Unmarshal
TPMI_DH_ENTITY_Unmarshal
TPMI_DH_OBJECT_Unmarshal
TPMI_DH_PARENT_Unmarshal
TPMI_DH_PCR_Unmarshal
TPMI_DH_PERSISTENT_Unmarshal
TPMI_DH_SAVED_Unmarshal
TPMI_ECC_CURVE_Unmarshal
TPMI_ECC_KEY_EXCHANGE_Unmarshal
TPMI_RH_ACT_Unmarshal
TPMI_RH_AC_Unmarshal
TPMI_RH_CLEAR_Unmarshal
TPMI_RH_ENABLES_Unmarshal
TPMI_RH_ENDORSEMENT_Unmarshal
TPMI_RH_HIERARCHY_AUTH_Unmarshal
TPMI_RH_HIERARCHY_POLICY_Unmarshal
TPMI_RH_HIERARCHY_Unmarshal
TPMI_RH_LOCKOUT_Unmarshal
TPMI_RH_NV_AUTH_Unmarshal
TPMI_RH_NV_INDEX_Unmarshal
TPMI_RH_PLATFORM_Unmarshal
TPMI_RH_PROVISION_Unmarshal
TPMI_RSA_KEY_BITS_Unmarshal
TPMI_SH_AUTH_SESSION_Unmarshal
TPMI_SH_HMAC_Unmarshal
TPMI_SH_POLICY_Unmarshal
TPMI_ST_COMMAND_TAG_Unmarshal
TPMI_TDES_KEY_BITS_Unmarshal
TPMI_YES_NO_Unmarshal
TPML_ALG_Unmarshal
TPML_CC_Unmarshal
TPML_DIGEST_Unmarshal
TPML_DIGEST_VALUES_Unmarshal
TPML_PCR_SELECTION_Unmarshal
TPMS_CONTEXT_Unmarshal
TPMS_DERIVE_Unmarshal
TPMS_ECC_PARMS_Unmarshal
TPMS_ECC_POINT_Unmarshal
TPMS_EMPTY_Unmarshal
TPMS_ENC_SCHEME_OAEP_Unmarshal
TPMS_ENC_SCHEME_RSAES_Unmarshal
TPMS_KDF_SCHEME_KDF1_SP800_108_Unmarshal
TPMS_KDF_SCHEME_KDF1_SP800_56A_Unmarshal
TPMS_KDF_SCHEME_KDF2_Unmarshal
TPMS_KDF_SCHEME_MGF1_Unmarshal
TPMS_KEYEDHASH_PARMS_Unmarshal
TPMS_KEY_SCHEME_ECDH_Unmarshal
TPMS_KEY_SCHEME_ECMQV_Unmarshal
TPMS_NV_PUBLIC_Unmarshal
TPMS_PCR_SELECTION_Unmarshal
TPMS_RSA_PARMS_Unmarshal
TPMS_SCHEME_ECDAA_Unmarshal
TPMS_SCHEME_HASH_Unmarshal
TPMS_SCHEME_HMAC_Unmarshal
TPMS_SCHEME_XOR_Unmarshal
TPMS_SENSITIVE_CREATE_Unmarshal
TPMS_SIGNATURE_ECC_Unmarshal
TPMS_SIGNATURE_ECDAA_Unmarshal
TPMS_SIGNATURE_ECDSA_Unmarshal
TPMS_SIGNATURE_ECSCHNORR_Unmarshal
TPMS_SIGNATURE_RSAPSS_Unmarshal
TPMS_SIGNATURE_RSASSA_Unmarshal
TPMS_SIGNATURE_RSA_Unmarshal
TPMS_SIGNATURE_SM2_Unmarshal
TPMS_SIG_SCHEME_ECDAA_Unmarshal
TPMS_SIG_SCHEME_ECDSA_Unmarshal
TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal
TPMS_SIG_SCHEME_RSAPSS_Unmarshal
TPMS_SIG_SCHEME_RSASSA_Unmarshal
TPMS_SIG_SCHEME_SM2_Unmarshal
TPMS_SYMCIPHER_PARMS_Unmarshal
TPMT_ECC_SCHEME_Unmarshal
TPMT_HA_Unmarshal
TPMT_KDF_SCHEME_Unmarshal
TPMT_KEYEDHASH_SCHEME_Unmarshal
TPMT_PUBLIC_PARMS_Unmarshal
TPMT_PUBLIC_Unmarshal
TPMT_RSA_DECRYPT_Unmarshal
TPMT_RSA_SCHEME_Unmarshal
TPMT_SENSITIVE_Unmarshal
TPMT_SIGNATURE_Unmarshal
TPMT_SIG_SCHEME_Unmarshal
TPMT_SYM_DEF_OBJECT_Unmarshal
TPMT_SYM_DEF_Unmarshal
TPMT_TK_AUTH_Unmarshal
TPMT_TK_CREATION_Unmarshal
TPMT_TK_HASHCHECK_Unmarshal
TPMT_TK_VERIFIED_Unmarshal
TPMU_ASYM_SCHEME_Unmarshal
TPMU_HA_Unmarshal
TPMU_KDF_SCHEME_Unmarshal
TPMU_PUBLIC_ID_Unmarshal
TPMU_PUBLIC_PARMS_Unmarshal
TPMU_SCHEME_KEYEDHASH_Unmarshal
TPMU_SENSITIVE_COMPOSITE_Unmarshal
TPMU_SIGNATURE_Unmarshal
TPMU_SIG_SCHEME_Unmarshal
TPMU_SYM_KEY_BITS_Unmarshal
TPMU_SYM_MODE_Unmarshal
TPM_ALG_ID_Unmarshal
TPM_AT_Unmarshal
TPM_CAP_Unmarshal
TPM_CC_Unmarshal
TPM_CLOCK_ADJUST_Unmarshal
TPM_ECC_CURVE_Unmarshal
TPM_EO_Unmarshal
TPM_HANDLE_Unmarshal
TPM_KEY_BITS_Unmarshal
TPM_Manufacture
TPM_PT_PCR_Unmarshal
TPM_PT_Unmarshal
TPM_SE_Unmarshal
TPM_ST_Unmarshal
TPM_SU_Unmarshal
TPM_TearDown
TestAlgorithm
UINT16_Unmarshal
UINT32_Unmarshal
UINT64_Unmarshal
UINT8_Unmarshal
UnsignedCompareB
VBoxDevicesRegister
VBoxDriversRegister
VBoxUsbRegister
_TPM_Hash_Data
_TPM_Hash_End
_TPM_Hash_Start
_TPM_Init
_plat__ACT_EnableTicks
_plat__ACT_GetImplemented
_plat__ACT_GetRemaining
_plat__ACT_GetSignaled
_plat__ACT_Initialize
_plat__ClearCancel
_plat__ClockAdjustRate
_plat__Fail
_plat__GetEntropy
_plat__GetUnique
_plat__IsCanceled
_plat__IsNvAvailable
_plat__LocalityGet
_plat__LocalitySet
_plat__NVDisable
_plat__NVEnable
_plat__NVEnable_NVChipFile
_plat__NvCommit
_plat__NvIsDifferent
_plat__NvMemoryClear
_plat__NvMemoryMove
_plat__NvMemoryRead
_plat__NvMemoryWrite
_plat__PhysicalPresenceAsserted
_plat__RealTime
_plat__RunCommand
_plat__SetCancel
_plat__SetNvAvail
_plat__Signal_PowerOff
_plat__Signal_PowerOn
_plat__Signal_Reset
_plat__TimerRead
_plat__TimerReset
_plat__TimerRestart
_plat__TimerWasReset
_plat__TimerWasStopped
_plat__WasPowerLost

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 822KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings/VBoxDD2.dll
.dll windows:6 windows x64 arch:x64

81933fbe25314fd119612bbfdd2e90bb

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:7e:83:ac:42:24:c1:ad:a0:cf:0a:5d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/01/2023, 01:45

Not After

01/03/2024, 14:11

Subject

SERIALNUMBER=42351168,CN=VEKTOR T13 TECHNOLOGIES LLC,O=VEKTOR T13 TECHNOLOGIES LLC,STREET=SEVERINA POTOTSKOGO STREET\, building 32\, apartment 85,L=Kharkiv,ST=Kharkiv Oblast,C=UA,1.2.840.113549.1.9.1=#0c1776656b746f727431334070726f746f6e6d61696c2e6368,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:7e:83:ac:42:24:c1:ad:a0:cf:0a:5d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/01/2023, 01:45

Not After

01/03/2024, 14:11

Subject

SERIALNUMBER=42351168,CN=VEKTOR T13 TECHNOLOGIES LLC,O=VEKTOR T13 TECHNOLOGIES LLC,STREET=SEVERINA POTOTSKOGO STREET\, building 32\, apartment 85,L=Kharkiv,ST=Kharkiv Oblast,C=UA,1.2.840.113549.1.9.1=#0c1776656b746f727431334070726f746f6e6d61696c2e6368,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:37:16:4d:04:57:48:05:33:03:8e:54:6f:51:16:ce:15:7f:c1:e1:38:e8:ae:ec:e7:d9:18:cf:99:da:11:3e
Signer

Actual PE Digest

30:37:16:4d:04:57:48:05:33:03:8e:54:6f:51:16:ce:15:7f:c1:e1:38:e8:ae:ec:e7:d9:18:cf:99:da:11:3e

Digest Algorithm

sha256

PE Digest Matches

true

22:26:6c:9e:15:52:16:15:b0:81:d4:6c:b3:e4:d5:d5:24:6c:b2:35
Signer

Actual PE Digest

22:26:6c:9e:15:52:16:15:b0:81:d4:6c:b3:e4:d5:d5:24:6c:b2:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Devel\Antidetect4\Patreon\VirtualBox\out\win.amd64\release\obj\VBoxDD2\VBoxDD2.pdb

Imports

vboxrt

RTAssertMsg1Weak
RTAssertMsg2Weak
RTAssertShouldPanic

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

memset

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
QueryPerformanceCounter

vcruntime140

__C_specific_handler
__std_type_info_destroy_list

Exports

Exports

VBoxDevicesRegister
g_abEfiFirmware32
g_abEfiFirmware64
g_abNetBiosBinary
g_abPcBiosBinary286
g_abPcBiosBinary386
g_abPcBiosBinary8086
g_abVgaBiosBinary286
g_abVgaBiosBinary386
g_abVgaBiosBinary8086
g_cbEfiFirmware32
g_cbEfiFirmware64
g_cbNetBiosBinary
g_cbPcBiosBinary286
g_cbPcBiosBinary386
g_cbPcBiosBinary8086
g_cbVgaBiosBinary286
g_cbVgaBiosBinary386
g_cbVgaBiosBinary8086

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows:6 windows x86 arch:x86

c79c83a78d1e1763a4ee4174740f2404

Code Sign

1c:cf:9d:67:cd:e2:19:ff:12:d9:9a:ff:36:82:e5:a7
Certificate

Issuer

CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

07/03/2019, 19:35

Not After

03/03/2034, 19:35

Subject

CN=SSL.com Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:30:5e:d9:32:55:20:7a:13:11:70:1f:7c:cc:b1
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

26/07/2023, 19:47

Not After

25/07/2026, 19:47

Subject

CN=DesktopPaints OU,O=DesktopPaints OU,L=Tallinn,ST=Harju County,C=EE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:c3:cc:9c:d3:c9:21:50:67:6b:aa:a3:55:b6:e8:9e:8b:9a:f8:c9:6d:0e:28:2c:1f:45:a0:22:fd:c5:bf:84
Signer

Actual PE Digest

4c:c3:cc:9c:d3:c9:21:50:67:6b:aa:a3:55:b6:e8:9e:8b:9a:f8:c9:6d:0e:28:2c:1f:45:a0:22:fd:c5:bf:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXMatrixTranspose
D3DXMatrixRotationAxis
D3DXVec3TransformCoord
D3DXMatrixMultiply
D3DXMatrixScaling
D3DXMatrixTranslation
D3DXMatrixRotationY
D3DXLoadSurfaceFromSurface
D3DXCreateTextureFromFileInMemoryEx
D3DXComputeNormals
D3DXLoadMeshFromXW
D3DXGetFVFVertexSize
D3DXLoadMeshFromXInMemory
D3DXCreateTextureFromFileExW
D3DXMatrixRotationZ
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXComputeNormalMap
D3DXMatrixInverse
D3DXCreateTexture
D3DXMatrixPerspectiveFovLH
D3DXMatrixLookAtLH
D3DXCreateEffect
D3DXVec4Transform
D3DXCreateMeshFVF
D3DXMatrixRotationX
D3DXVec3TransformNormal
D3DXVec3Normalize
D3DXComputeBoundingSphere

winmm

timeGetTime
mmioOpenW
mmioRead
mmioSeek
mmioDescend
mmioStringToFOURCCW

dsound

ord11

comctl32

ord17

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetStdHandle
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
InitializeCriticalSectionEx
GetTempPathW
LoadLibraryW
WriteFile
DeleteFileW
CopyFileW
LoadResource
LockResource
SizeofResource
FindResourceW
GetCommandLineW
Sleep
GetCurrentThread
SetThreadPriority
GetVersionExW
FreeLibrary
GetProcAddress
lstrcpyW
lstrcatW
DecodePointer
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DeleteCriticalSection
GetCurrentDirectoryW
GetModuleFileNameW
CreateFileW
GetFullPathNameW
OutputDebugStringW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
TlsSetValue
TlsGetValue
LoadLibraryExW
TlsAlloc
TlsFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetStringTypeW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
ReadFile
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SystemTimeToTzSpecificLocalTime
CreateProcessW
SetEndOfFile

user32

SetRectEmpty
SetRect
FrameRect
FillRect
ScreenToClient
SystemParametersInfoW
UnionRect
LoadIconW
AdjustWindowRect
GetClientRect
GetWindowTextW
SetWindowTextW
InvalidateRect
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
EnumDisplaySettingsW
MessageBoxW
EnumDisplayDevicesW
EndPaint
BeginPaint
UpdateWindow
DrawTextW
EnableWindow
KillTimer
SetTimer
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPos
ShowWindow
RegisterClassW
PostQuitMessage
DefWindowProcW
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
LoadStringW
LoadCursorW
SetCursor
CreateWindowExW

gdi32

ExcludeClipRect
GetStockObject

advapi32

RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CLSIDFromString
CoCreateGuid
StringFromGUID2

oleaut32

SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathFindFileNameW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.IO.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c5:96:40:60:4b:f4:de:ae:2e:00:00:00:00:00:c5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:b8:4f:a9:c3:89:20:86:32:c9:d8:c4:e2:da:5e:e4:df:37:5f:d1:01:d8:7e:92:c0:41:2c:24:fc:e3:d8:53
Signer

Actual PE Digest

0b:b8:4f:a9:c3:89:20:86:32:c9:d8:c4:e2:da:5e:e4:df:37:5f:d1:01:d8:7e:92:c0:41:2c:24:fc:e3:d8:53

Digest Algorithm

sha256

PE Digest Matches

true

46:b3:2f:33:67:6d:00:d2:ad:b1:c2:a9:cf:73:b5:49:5a:34:cc:da
Signer

Actual PE Digest

46:b3:2f:33:67:6d:00:d2:ad:b1:c2:a9:cf:73:b5:49:5a:34:cc:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adu
d3dx9_43.dll
.dll windows:6 windows x86 arch:x86

5fb75b2a87c1fa7cc3d7904a0b97084a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3dx9_43.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
__pioinfo
__badioinfo
wctomb
_itoa
_snprintf
_fileno
isleadbyte
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
srand
strtod
fread
fflush
fwrite
abort
_tempnam
exit
isalpha
atof
atol
isxdigit
_ultoa
wcstombs
_CIexp
_isnan
rand
atoi
isalnum
floor
_strtime
_strdate
sscanf
isspace
isdigit
_setjmp3
longjmp
ldexp
frexp
calloc
realloc
_CIlog
setlocale
_strdup
free
_clearfp
ceil
_controlfp
malloc
_CIatan
_CIcos
_CIasin
_finite
_CIsin
_CIatan2
_CIacos
memmove
qsort
_CIfmod
_purecall
_stricmp
modf
iswspace
iswalpha
iswdigit
iswpunct
_CIsqrt
memcpy
memset
_CIpow
??2@YAPAXI@Z
??3@YAXPAX@Z
_iob
_vsnprintf
_vsnwprintf
_errno
__CxxFrameHandler

gdi32

GetTextMetricsA
GetObjectA
GetGlyphOutlineA
CreateDIBSection
DeleteDC
DeleteObject
SelectObject
GetCharacterPlacementW
GetCharacterPlacementA
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
TranslateCharsetInfo
GetCurrentObject
GetOutlineTextMetricsA
GetGlyphOutlineW
GetObjectW

kernel32

DeleteFileW
SetFilePointer
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
LocalFree
CreateFileW
GetFileSizeEx
GetFullPathNameW
GetLastError
IsDBCSLeadByte
WriteFile
GetTempPathA
MoveFileA
CreateFileA
ReadFile
CloseHandle
DeleteFileA
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
GetACP
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetVersionExA
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
MoveFileW
GetTempFileNameW
GlobalMemoryStatus
SetEndOfFile
ExpandEnvironmentStringsA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
WaitForSingleObject
ReleaseMutex
CreateMutexA
Sleep
InterlockedExchange
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetTempFileNameA
FindResourceW

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVersion
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXCompileShader
D3DXCompileShaderFromFileA
D3DXCompileShaderFromFileW
D3DXCompileShaderFromResourceA
D3DXCompileShaderFromResourceW
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeIMTFromPerTexelSignal
D3DXComputeIMTFromPerVertexSignal
D3DXComputeIMTFromSignal
D3DXComputeIMTFromTexture
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXComputeTangentFrame
D3DXComputeTangentFrameEx
D3DXConcatenateMeshes
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCreateAnimationController
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCompressedAnimationSet
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectCompiler
D3DXCreateEffectCompilerFromFileA
D3DXCreateEffectCompilerFromFileW
D3DXCreateEffectCompilerFromResourceA
D3DXCreateEffectCompilerFromResourceW
D3DXCreateEffectEx
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileExA
D3DXCreateEffectFromFileExW
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceExA
D3DXCreateEffectFromResourceExW
D3DXCreateEffectFromResourceW
D3DXCreateEffectPool
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCreateFontIndirectW
D3DXCreateFontW
D3DXCreateKeyframedAnimationSet
D3DXCreateLine
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreateNPatchMesh
D3DXCreatePMeshFromStream
D3DXCreatePRTBuffer
D3DXCreatePRTBufferTex
D3DXCreatePRTCompBuffer
D3DXCreatePRTEngine
D3DXCreatePatchMesh
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinInfo
D3DXCreateSkinInfoFVF
D3DXCreateSkinInfoFromBlendedMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTextureGutterHelper
D3DXCreateTextureShader
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDebugMute
D3DXDeclaratorFromFVF
D3DXDisassembleEffect
D3DXDisassembleShader
D3DXFVFFromDeclarator
D3DXFileCreate
D3DXFillCubeTexture
D3DXFillCubeTextureTX
D3DXFillTexture
D3DXFillTextureTX
D3DXFillVolumeTexture
D3DXFillVolumeTextureTX
D3DXFilterTexture
D3DXFindShaderComment
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFrameAppendChild
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXFrameFind
D3DXFrameNumNamedMatrices
D3DXFrameRegisterNamedMatrices
D3DXFresnelTerm
D3DXGenerateOutputDecl
D3DXGeneratePMesh
D3DXGetDeclLength
D3DXGetDeclVertexSize
D3DXGetDriverLevel
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXGetPixelShaderProfile
D3DXGetShaderConstantTable
D3DXGetShaderConstantTableEx
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics
D3DXGetShaderSamplers
D3DXGetShaderSize
D3DXGetShaderVersion
D3DXGetVertexShaderProfile
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromXA
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXW
D3DXLoadMeshFromXof
D3DXLoadMeshHierarchyFromXA
D3DXLoadMeshHierarchyFromXInMemory
D3DXLoadMeshHierarchyFromXW
D3DXLoadPRTBufferFromFileA
D3DXLoadPRTBufferFromFileW
D3DXLoadPRTCompBufferFromFileA
D3DXLoadPRTCompBufferFromFileW
D3DXLoadPatchMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXPreprocessShader
D3DXPreprocessShaderFromFileA
D3DXPreprocessShaderFromFileW
D3DXPreprocessShaderFromResourceA
D3DXPreprocessShaderFromResourceW
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXRectPatchSize
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHPRTCompSplitMeshSC
D3DXSHPRTCompSuperCluster
D3DXSHProjectCubeMap
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSaveMeshHierarchyToFileA
D3DXSaveMeshHierarchyToFileW
D3DXSaveMeshToXA
D3DXSaveMeshToXW
D3DXSavePRTBufferToFileA
D3DXSavePRTBufferToFileW
D3DXSavePRTCompBufferToFileA
D3DXSavePRTCompBufferToFileW
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileInMemory
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileInMemory
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXTessellateRectPatch
D3DXTessellateTriPatch
D3DXTriPatchSize
D3DXUVAtlasCreate
D3DXUVAtlasPack
D3DXUVAtlasPartition
D3DXValidMesh
D3DXValidPatchMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray
D3DXWeldVertices

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nlxtrw

Sharing

General

Malware Config

Signatures

Files

Password: 030923

Password: 030923

Password: 030923

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

47:61:59:f6:b7:42:45:ca:c9:25:78:ae:bc:3c:f6:ba:c3:c2:15:e8:6d:ed:75:4a:cd:f7:6c:5e:97:9a:9e:e5Signer

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 247KB - Virtual size: 246KB

Password: 030923

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

79:ad:e0:64:e4:e6:2d:91:c0:f1:bf:7f:f7:1a:3d:a5:01:8f:45:2b:7e:ff:ba:4b:f0:59:d2:18:e7:a8:32:e4Signer

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 251KB - Virtual size: 250KB

Password: 030923

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 284KB - Virtual size: 284KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 030923

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 161KB - Virtual size: 161KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 030923

a42f73521c784fa06f1d886fcbcefcba

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

47:61:59:f6:b7:42:45:ca:c9:25:78:ae:bc:3c:f6:ba:c3:c2:15:e8:6d:ed:75:4a:cd:f7:6c:5e:97:9a:9e:e5
Signer

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 247KB - Virtual size: 246KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

79:ad:e0:64:e4:e6:2d:91:c0:f1:bf:7f:f7:1a:3d:a5:01:8f:45:2b:7e:ff:ba:4b:f0:59:d2:18:e7:a8:32:e4
Signer

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 251KB - Virtual size: 250KB

.text
Size: 284KB - Virtual size: 284KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 161KB - Virtual size: 161KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

cf:de:a6:58:6d:f1:ba:ab:46:cb:60:08:e4:1a:5f:83:16:67:26:51:0b:b5:b9:8a:c9:8b:ed:b5:c8:82:6d:c1:e7:36:aa:8a:82:fe:da:08:1c:7c:47:a3:78:cf:af:fe:92:cb:b8:fd:17:10:3d:e8:ca:87:5b:a3:f2:a6:35:30
Signer

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 263KB - Virtual size: 263KB

.data
Size: 17KB - Virtual size: 22KB

.pdata
Size: 70KB - Virtual size: 70KB

.gfids
Size: 512B - Virtual size: 156B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

03:d7:ef:74:a9:ff:03:a2:20:b6:ed:bb:39:9d:14:c1
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61
Signer