Rainmeter-4[.]5[.]20[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Rainmeter-4.5.20.exe
Size

2.4MB
MD5

b8337b134f4fe6f4b5e3d98174a78e7e
SHA1

77f8542101143d35be7521c3fa14c0beb1df278a
SHA256

9024b3b01b3883af3e12c3023ca9f7569893d25bb8154d785ac5737c7fff3ac9
SHA512

4439739e051563977854ca2aa6fd75e3468de065cbe3888d292d991955ae98e7c9f7288ba6bd5e71d9eef763202d3a69863236a3e725c44411f401b2aa2a3063
SSDEEP

49152:1bCOCeWzHJmtT+Fh8WYP6zQ1tG/oedbUTHBiG7GeqCKyeyLWRnd/azSMT:1bCOCeWzpM+Fh8R6zQrG/7dbUl7kCLes

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/MoreInfo.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

Rainmeter-4.5.20.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2020, 00:00

Not After

18/03/2045, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:4e:42:17:a1:29:7f:ed:5a:cc:d4:17:f8:91:ad:75
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

19/06/2024, 03:25

Not After

28/07/2038, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:20:f0:02:b4:8f:69:82:06:46:ba:0c
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2024, 07:30

Not After

04/08/2026, 06:50

Subject

CN=SignPath Foundation,O=SignPath Foundation,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:35:79:e7:ac:2a:0c:a9:42:07:12:22:31:00:32:ba:d8:1e:6e:d3:ac:f7:64:bb:f1:85:ff:1d:56:3d:17:dd
Signer

Actual PE Digest

6b:35:79:e7:ac:2a:0c:a9:42:07:12:22:31:00:32:ba:d8:1e:6e:d3:ac:f7:64:bb:f1:85:ff:1d:56:3d:17:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GlobalFree
lstrcpynW
lstrcmpW
GlobalAlloc
MulDiv
GetModuleHandleW
lstrcpyW

user32

DialogBoxParamW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
SetWindowTextW
LoadIconW
ShowWindow
SendMessageW
GetDC

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MoreInfo.dll
.dll windows:4 windows x86 arch:x86

149adf074d317fbf0d2f17314bd18969

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\untgz\MoreInfo\SRC\Release\MoreInfo.pdb

Imports

user32

wsprintfW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

lstrlenW
lstrcpyW
lstrcpynW
lstrcatW
GlobalAlloc
GetSystemDirectoryW
GlobalFree

Exports

Exports

GetComments
GetCompanyName
GetFileDescription
GetFileVersion
GetInternalName
GetLegalCopyright
GetLegalTrademarks
GetOSUserinterfaceLanguage
GetOriginalFilename
GetPrivateBuild
GetProductName
GetProductVersion
GetSpecialBuild
GetUserDefined

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

5e62e8e248e7364886b604bd1fcf4c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/ActionTimer.dll
.dll windows:6 windows x86 arch:x86

25548d1e17eaa3a0e7f6578a43f8f2b3

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

51:a7:4b:b7:f7:eb:10:31:fc:4d:90:71:b5:37:f0:06:74:9a:54:52:92:bb:37:42:a9:79:6d:7d:2e:5d:60:80
Signer

Actual PE Digest

51:a7:4b:b7:f7:eb:10:31:fc:4d:90:71:b5:37:f0:06:74:9a:54:52:92:bb:37:42:a9:79:6d:7d:2e:5d:60:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginActionTimer\ActionTimer.pdb

Imports

rainmeter

RmReadFormula
RmReplaceVariables
RmReadString
RmLogF
RmGet

user32

SendNotifyMessageW
FindWindowW

kernel32

EncodePointer
DecodePointer
WriteConsoleW
CreateFileW
HeapReAlloc
HeapSize
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
SetStdHandle

Exports

Exports

ExecuteBang
Finalize
Initialize
Reload
Update

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/AdvancedCPU.dll
.dll windows:6 windows x86 arch:x86

b1c624bc684847ef7d30ed2ad0b99f96

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

e0:18:10:b6:e4:34:d2:56:ee:ab:8f:eb:54:01:ea:11:91:7c:a5:a6:01:ac:6a:e5:1f:ba:d9:eb:89:5e:44:14
Signer

Actual PE Digest

e0:18:10:b6:e4:34:d2:56:ee:ab:8f:eb:54:01:ea:11:91:7c:a5:a6:01:ac:6a:e5:1f:ba:d9:eb:89:5e:44:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginAdvancedCPU\AdvancedCPU.pdb

Imports

rainmeter

RmReadFormula
RmReadString

kernel32

lstrcpyW
IsBadStringPtrW
GetTickCount64
CreateFileW
CloseHandle
WriteConsoleW
lstrlenW
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
DecodePointer
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/AudioLevel.dll
.dll windows:6 windows x86 arch:x86

c892355687805396f38824de2aa7a25c

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

c4:b9:87:79:dc:69:eb:90:c2:aa:3a:7d:8b:24:38:7d:8b:c4:bf:76:27:be:10:7f:64:b7:f8:99:4e:2e:9a:ff
Signer

Actual PE Digest

c4:b9:87:79:dc:69:eb:90:c2:aa:3a:7d:8b:24:38:7d:8b:c4:bf:76:27:be:10:7f:64:b7:f8:99:4e:2e:9a:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginAudioLevel\AudioLevel.pdb

Imports

rainmeter

RmReadString
RmLogF
LSLog
RmReadFormula
RmGet

kernel32

HeapAlloc
CreateFileW
DecodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleOutputCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteConsoleW
HeapFree
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile

ole32

CoCreateInstance
CoTaskMemFree
PropVariantClear

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/CoreTemp.dll
.dll windows:6 windows x86 arch:x86

b3001b975b34528faf5a531f3015762c

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

f4:89:10:f1:00:fa:5b:77:10:d0:bf:51:2a:ab:04:b0:3f:c3:e5:71:70:f2:82:43:ed:9b:75:1e:21:f5:26:72
Signer

Actual PE Digest

f4:89:10:f1:00:fa:5b:77:10:d0:bf:51:2a:ab:04:b0:3f:c3:e5:71:70:f2:82:43:ed:9b:75:1e:21:f5:26:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginCoreTemp\CoreTemp.pdb

Imports

rainmeter

RmReadFormula
RmLogF
RmReadString

kernel32

GetModuleFileNameW
CreateFileW
DecodePointer
GetLastError
SetLastError
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CloseHandle
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
WriteConsoleW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/FileView.dll
.dll windows:6 windows x86 arch:x86

fcc7a5b7ccc6ddbfa817dcc3f0cdb7b7

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

92:85:c5:05:6e:45:6f:a6:04:fa:f6:7e:d0:22:46:66:94:87:da:a0:7d:2d:d6:0f:fe:eb:dc:98:51:9e:af:e0
Signer

Actual PE Digest

92:85:c5:05:6e:45:6f:a6:04:fa:f6:7e:d0:22:46:66:94:87:da:a0:7d:2d:d6:0f:fe:eb:dc:98:51:9e:af:e0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginFileView\FileView.pdb

Imports

shlwapi

PathMatchSpecW

rainmeter

RmReplaceVariables
RmGet
RmReadFormula
RmLogF
RmPathToAbsolute
RmReadString
RmLog
RmExecute

kernel32

HeapReAlloc
HeapSize
GetCurrentDirectoryW
ReadConsoleW
ReadFile
FlushFileBuffers
GetLogicalDrives
CompareFileTime
FindFirstFileExW
EnterCriticalSection
FindNextFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSectionEx
FindClose
GetPrivateProfileStringW
FileTimeToSystemTime
DisableThreadLibraryCalls
SetEndOfFile
CloseHandle
GetTimeFormatW
DeleteCriticalSection
VerSetConditionMask
SystemTimeToFileTime
VerifyVersionInfoW
SystemTimeToTzSpecificLocalTime
GetDateFormatW
SetStdHandle
CreateFileW
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WriteConsoleW
TerminateThread
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
MultiByteToWideChar
GetDriveTypeW
SetFilePointerEx
GetFileSizeEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
DecodePointer
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFullPathNameW
ExitProcess
GetModuleFileNameW
HeapFree
HeapAlloc
LCMapStringW
WriteFile
GetConsoleOutputCP
GetConsoleMode

user32

ReleaseDC
GetCursorPos
DestroyMenu
DestroyIcon
CreatePopupMenu
GetIconInfo
GetDC
GetWindowRect
TrackPopupMenuEx
PrivateExtractIconsW

gdi32

GetObjectW
DeleteObject
GetDIBits

shell32

SHParseDisplayName
ShellExecuteExW
SHBindToParent
ord727
SHGetFileInfoW

ole32

CoInitializeEx
CoUninitialize

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/FolderInfo.dll
.dll windows:6 windows x86 arch:x86

c47e972939d7b0157e16d0daf4975b22

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

96:c7:79:9a:fe:f4:df:cc:e8:6d:4c:1d:e9:20:99:f1:8e:cc:33:ff:de:a3:1b:f0:f6:fc:e8:53:60:3d:db:64
Signer

Actual PE Digest

96:c7:79:9a:fe:f4:df:cc:e8:6d:4c:1d:e9:20:99:f1:8e:cc:33:ff:de:a3:1b:f0:f6:fc:e8:53:60:3d:db:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginFolderInfo\FolderInfo.pdb

Imports

rainmeter

RmReadFormula
RmPathToAbsolute
RmReadString
RmGet
ord6
ord5

kernel32

GetModuleFileNameW
CreateFileW
CloseHandle
DecodePointer
FindFirstFileW
FindNextFileW
FindClose
GetTickCount64
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
WriteConsoleW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/InputText.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

85:12:ac:ca:55:f0:11:f5:ea:64:4e:3c:59:78:d3:d7:a6:59:49:9c:96:bd:79:67:aa:0e:d5:2b:8c:84:9b:35
Signer

Actual PE Digest

85:12:ac:ca:55:f0:11:f5:ea:64:4e:3c:59:78:d3:d7:a6:59:49:9c:96:bd:79:67:aa:0e:d5:2b:8c:84:9b:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 195B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PerfMon.dll
.dll windows:6 windows x86 arch:x86

d6311df7e9e9fa35c7f4bf6f36ce56e1

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

5a:c2:8d:a6:3a:9b:59:b8:38:82:1b:34:05:57:ca:ac:12:ea:27:e2:9d:5c:3f:88:09:3a:73:2d:db:54:2c:cb
Signer

Actual PE Digest

5a:c2:8d:a6:3a:9b:59:b8:38:82:1b:34:05:57:ca:ac:12:ea:27:e2:9d:5c:3f:88:09:3a:73:2d:db:54:2c:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginPerfMon\PerfMon.pdb

Imports

rainmeter

RmReadFormula
RmReadString

kernel32

IsBadStringPtrW
lstrcpyW
CreateFileW
CloseHandle
WriteConsoleW
lstrlenW
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
DecodePointer
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PingPlugin.dll
.dll windows:6 windows x86 arch:x86

dd760caf43effecb12952cdaa5b6b865

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

e9:fe:37:c0:c4:b2:a9:ee:96:f9:74:72:be:46:42:3a:02:e2:e1:2c:2d:59:c2:f6:70:db:02:65:d6:c8:db:c6
Signer

Actual PE Digest

e9:fe:37:c0:c4:b2:a9:ee:96:f9:74:72:be:46:42:3a:02:e2:e1:2c:2d:59:c2:f6:70:db:02:65:d6:c8:db:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginPing\PingPlugin.pdb

Imports

ws2_32

WSACleanup
FreeAddrInfoW
WSAStartup
GetAddrInfoW
WSAGetLastError

iphlpapi

IcmpSendEcho2
GetIpErrorString
Icmp6CreateFile
Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle

rainmeter

RmGet
RmReadFormula
RmLogF
RmReadString
RmExecute

kernel32

CreateFileW
WriteConsoleW
TlsSetValue
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
EnterCriticalSection
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSectionEx
FreeLibraryAndExitThread
FormatMessageW
GetLastError
DisableThreadLibraryCalls
CloseHandle
CreateThread
LocalFree
DeleteCriticalSection
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
DecodePointer
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PowerPlugin.dll
.dll windows:6 windows x86 arch:x86

28658fb492f9db33226fa3c32566a78d

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

80:d6:2b:05:92:c0:fe:e4:32:b8:c9:0c:bf:1c:e6:c1:81:10:0d:bb:b1:eb:3f:ae:40:5e:0b:dc:ed:78:d7:81
Signer

Actual PE Digest

80:d6:2b:05:92:c0:fe:e4:32:b8:c9:0c:bf:1c:e6:c1:81:10:0d:bb:b1:eb:3f:ae:40:5e:0b:dc:ed:78:d7:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginPower\PowerPlugin.pdb

Imports

rainmeter

RmLogF
RmReadString

kernel32

HeapAlloc
WriteConsoleW
CloseHandle
GetSystemPowerStatus
GetLastError
GetSystemInfo
CreateFileW
RaiseException
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
DecodePointer
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/QuotePlugin.dll
.dll windows:6 windows x86 arch:x86

57370f325ba7deef6021730c1c29c9dc

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

bc:de:1c:a7:b9:60:1a:5e:95:c1:11:3c:cd:9c:f0:dd:02:46:0a:38:16:bb:52:f4:2a:de:67:fe:34:3c:98:55
Signer

Actual PE Digest

bc:de:1c:a7:b9:60:1a:5e:95:c1:11:3c:cd:9c:f0:dd:02:46:0a:38:16:bb:52:f4:2a:de:67:fe:34:3c:98:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginQuote\QuotePlugin.pdb

Imports

shlwapi

PathIsDirectoryW
PathMatchSpecW

rainmeter

RmReadFormula
RmPathToAbsolute
RmReadString

kernel32

LoadLibraryExW
DecodePointer
SetEndOfFile
HeapReAlloc
HeapSize
CreateFileW
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
GetConsoleOutputCP
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
WriteConsoleW
EncodePointer
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
CloseHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/ResMon.dll
.dll windows:6 windows x86 arch:x86

aabaed3bb862f8b1662f7e7aa1ed87ff

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

ed:38:dd:e1:6a:74:e2:04:1e:2a:0d:eb:7d:75:14:dd:0e:18:6a:c5:ca:9f:a6:7c:09:25:e8:a0:f2:e7:05:ad
Signer

Actual PE Digest

ed:38:dd:e1:6a:74:e2:04:1e:2a:0d:eb:7d:75:14:dd:0e:18:6a:c5:ca:9f:a6:7c:09:25:e8:a0:f2:e7:05:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginResMon\ResMon.pdb

Imports

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules

rainmeter

RmLogF
RmReadString

kernel32

GetModuleFileNameW
WriteConsoleW
CreateFileW
SetFilePointerEx
OpenProcess
CloseHandle
GetProcessHandleCount
GetConsoleMode
GetConsoleOutputCP
WriteFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
DecodePointer
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers

user32

EnumChildWindows
GetGuiResources

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/RunCommand.dll
.dll windows:6 windows x86 arch:x86

e7eef522e8f275c872f8fc2e4864d1aa

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

a7:57:92:6e:07:09:02:07:cb:e7:b4:1f:bb:3d:15:fe:02:29:6d:fe:3b:d2:12:e4:7d:97:f9:2b:18:33:d5:4f
Signer

Actual PE Digest

a7:57:92:6e:07:09:02:07:cb:e7:b4:1f:bb:3d:15:fe:02:29:6d:fe:3b:d2:12:e4:7d:97:f9:2b:18:33:d5:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginRunCommand\RunCommand.pdb

Imports

rainmeter

RmExecute
RmReplaceVariables
RmLog
RmLogF
RmReadString
RmReadFormula
RmGet
RmPathToAbsolute

kernel32

IsProcessorFeaturePresent
WriteConsoleW
ReadConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleOutputCP
ReadFile
GetCurrentProcess
WriteFile
GetModuleHandleExW
TerminateProcess
CreatePipe
PeekNamedPipe
WaitForSingleObject
FreeLibraryAndExitThread
DuplicateHandle
DisableThreadLibraryCalls
CloseHandle
CreateProcessW
GetExitCodeProcess
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
QueryPerformanceCounter
WakeAllConditionVariable
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
ExitProcess
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

PostMessageW
GetWindowThreadProcessId
EnumWindows

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SpeedFanPlugin.dll
.dll windows:6 windows x86 arch:x86

d483aaee46df655d33c40104f3965356

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

f1:26:1b:52:c0:d4:4e:37:c4:eb:59:5c:64:0c:ac:5d:fd:5f:7d:af:2f:f1:18:56:93:42:06:8a:d7:b5:32:3b
Signer

Actual PE Digest

f1:26:1b:52:c0:d4:4e:37:c4:eb:59:5c:64:0c:ac:5d:fd:5f:7d:af:2f:f1:18:56:93:42:06:8a:d7:b5:32:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginSpeedFan\SpeedFanPlugin.pdb

Imports

rainmeter

RmReadFormula
RmReadString
LSLog
RmGet

kernel32

HeapFree
CreateFileW
DecodePointer
OpenFileMappingW
UnmapViewOfFile
CloseHandle
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteConsoleW
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/UsageMonitor.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

4b:83:66:dc:f8:a1:30:c6:a6:a5:ee:78:bd:c6:cf:fc:43:63:e6:1b:61:25:fc:98:02:00:c7:eb:c4:11:68:d7
Signer

Actual PE Digest

4b:83:66:dc:f8:a1:30:c6:a6:a5:ee:78:bd:c6:cf:fc:43:63:e6:1b:61:25:fc:98:02:00:c7:eb:c4:11:68:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Win7AudioPlugin.dll
.dll windows:6 windows x86 arch:x86

1e59eb2bbcc4adcdc2d2d27c472e6bad

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

6e:91:55:e7:04:d1:75:ee:3b:7f:d4:5e:4c:93:4a:61:5c:54:f6:b6:85:8b:f8:17:a5:da:22:55:e1:9a:0f:5b
Signer

Actual PE Digest

6e:91:55:e7:04:d1:75:ee:3b:7f:d4:5e:4c:93:4a:61:5c:54:f6:b6:85:8b:f8:17:a5:da:22:55:e1:9a:0f:5b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginWin7Audio\Win7AudioPlugin.pdb

Imports

rainmeter

LSLog

ole32

CoUninitialize
PropVariantClear
CoInitialize
CoCreateInstance
CoTaskMemFree

kernel32

GetStdHandle
WriteConsoleW
CreateFileW
DecodePointer
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetConsoleOutputCP
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStringTypeW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleMode

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/WindowMessagePlugin.dll
.dll windows:6 windows x86 arch:x86

01d2fca22b52cf1a7c801c66c481b311

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

0d:18:b5:47:4f:70:82:ba:69:fb:9e:7c:ec:72:29:6c:ff:de:c9:a9:f8:06:6f:05:e1:2c:64:c4:71:22:e7:88
Signer

Actual PE Digest

0d:18:b5:47:4f:70:82:ba:69:fb:9e:7c:ec:72:29:6c:ff:de:c9:a9:f8:06:6f:05:e1:2c:64:c4:71:22:e7:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginWindowMessage\WindowMessagePlugin.pdb

Imports

rainmeter

RmReadString
RmLog

user32

GetWindowTextW
FindWindowW
SendMessageW
PostMessageW

kernel32

GetStdHandle
DecodePointer
WriteConsoleW
CreateFileW
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/iTunesPlugin.dll
.dll windows:6 windows x86 arch:x86

3b60a5debcab06429c526c817e684858

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

66:0b:8d:95:1e:fe:72:d0:e5:3f:81:0f:66:12:4c:5d:84:90:df:82:e3:d7:e9:7b:3d:4f:a8:a4:87:52:7a:1e
Signer

Actual PE Digest

66:0b:8d:95:1e:fe:72:d0:e5:3f:81:0f:66:12:4c:5d:84:90:df:82:e3:d7:e9:7b:3d:4f:a8:a4:87:52:7a:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\PluginiTunes\iTunesPlugin.pdb

Imports

rainmeter

LSLog
ReadConfigString

kernel32

HeapFree
CreateDirectoryW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
WriteConsoleW
CreateFileW
HeapReAlloc
HeapSize
SetStdHandle
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
GetLastError
RaiseException
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetFilePointerEx
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStringTypeW
DecodePointer

user32

FindWindowW

ole32

OleRun
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
LoadRegTypeLi

Exports

Exports

ExecuteBang
Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.VisualElementsManifest.xml
Rainmeter.dll
.dll windows:6 windows x86 arch:x86

4ad74fd547371fa4b6351c2947b44913

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

08:59:0b:41:ff:67:fc:d9:ae:ba:0c:af:ce:8a:a7:c5:77:3f:0f:5e:cb:64:5b:5e:a4:5f:ad:7a:58:58:f2:e3
Signer

Actual PE Digest

08:59:0b:41:ff:67:fc:d9:ae:ba:0c:af:ce:8a:a7:c5:77:3f:0f:5e:cb:64:5b:5e:a4:5f:ad:7a:58:58:f2:e3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\x32-Release\Obj\Library\Rainmeter.pdb

Imports

wintrust

WinVerifyTrust

comctl32

ord17
ord410
ord413
ord412
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy

wininet

InternetOpenW
InternetCrackUrlW
InternetOpenUrlW
InternetReadFile
InternetGetLastResponseInfoW
DeleteUrlCacheEntryW
InternetCloseHandle

uxtheme

SetWindowTheme
EnableThemeDialogTexture

gdiplus

GdipFree
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHICONFromBitmap
GdipFillPolygonI
GdiplusStartup
GdipDeleteBrush
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipFillRectangleI
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromFile
GdiplusShutdown

powrprof

CallNtPowerInformation

netapi32

NetApiBufferFree
NetWkstaGetInfo

ntdll

RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlUnwind
VerSetConditionMask

shlwapi

AssocQueryStringW
PathCreateFromUrlW
PathRemoveFileSpecW
PathCanonicalizeW
PathIsDirectoryW
PathFileExistsW
PathRemoveExtensionW
PathSetDlgItemPathW
PathAddBackslashW
PathFindFileNameW
PathFindExtensionW

d2d1

ord1
ord2
ord3

rpcrt4

UuidToStringW
RpcStringFreeW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CompareStringW
ReadConsoleW
GetConsoleMode
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
LCMapStringEx
DecodePointer
ExitThread
GetFileAttributesExW
TlsFree
GetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetCurrentThreadId
GetModuleHandleW
FindFirstFileW
GetProcAddress
FreeLibrary
FindNextFileW
FindClose
GetLocaleInfoW
GetUserDefaultUILanguage
GetPrivateProfileIntW
ReleaseMutex
CreateFileW
WriteFile
CloseHandle
MultiByteToWideChar
GetTempPathW
GetTempFileNameW
DeleteFileW
GetPrivateProfileStringW
CreateDirectoryW
RemoveDirectoryW
WaitForSingleObject
WritePrivateProfileSectionW
GetLastError
GetVersionExW
LoadLibraryExW
MoveFileW
ReadFile
FindFirstFileExW
DeleteCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimes
GetSystemInfo
GetDriveTypeW
HeapReAlloc
GetVolumeInformationW
GlobalMemoryStatusEx
GetModuleFileNameW
GetLongPathNameW
SetDllDirectoryW
FlushFileBuffers
FileTimeToLocalFileTime
GetTimeZoneInformation
GetNativeSystemInfo
GetTickCount64
GetComputerNameW
GetCurrentProcess
LocalFree
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
GetLocalTime
FormatMessageW
TerminateThread
GetShortPathNameW
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
GetSystemWow64DirectoryW
OpenProcess
TerminateProcess
ReadProcessMemory
LoadLibraryW
VerifyVersionInfoW
CreateMutexW
BeginUpdateResourceW
FindResourceW
SizeofResource
LoadResource
LockResource
UpdateResourceW
EndUpdateResourceW
SetFileAttributesW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalAlloc
GetExitCodeProcess
GetCurrentDirectoryW
SetLastError
Sleep
SetCurrentDirectoryW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
HeapFree
GetProcessHeap
HeapAlloc
GetConsoleOutputCP
EncodePointer
GetLocaleInfoEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
CreateFileA
GetModuleHandleA
SetFilePointer
GetFileTime
GetFileSize
GetUserDefaultLocaleName
CreateFileMappingW
LCMapStringW
WideCharToMultiByte
ExpandEnvironmentStringsW
LoadLibraryExA
VirtualQuery
VirtualProtect
CreateProcessW
RaiseException
MoveFileExW
GetCommandLineA
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCommandLineW
GetEnvironmentStringsW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
TlsAlloc
TlsGetValue
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
HeapSize
WriteConsoleW
CompareStringEx
GetCPInfo
ReleaseSRWLockExclusive
CreateThread
GetDiskFreeSpaceExW
AcquireSRWLockExclusive
TlsSetValue

user32

IsWindowVisible
GetAncestor
SetCursor
GetParent
GetRawInputData
SetWinEventHook
UnhookWinEvent
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
MonitorFromPoint
EnumDisplayMonitors
GetShellWindow
GetClassNameW
EnumWindows
GetMessagePos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterWindowMessageW
CopyIcon
LoadStringW
ScreenToClient
GetDlgCtrlID
GetFocus
InvalidateRect
TrackMouseEvent
ShowScrollBar
GetWindowLongW
SendDlgItemMessageW
CreateWindowExW
LoadMenuW
MessageBoxW
MoveWindow
MapWindowPoints
GetWindowRect
EndDialog
DialogBoxParamW
FindWindowW
SetWindowTextW
SetWindowLongW
GetWindowTextLengthW
MonitorFromRect
GetWindowTextW
LoadImageW
SetWindowPlacement
SetWindowPos
ShowWindow
GetWindow
RegisterRawInputDevices
RegisterClassExW
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
FindWindowExW
DefWindowProcW
UnregisterClassW
RegisterClassW
GetWindowPlacement
GetDlgItem
BringWindowToTop
EnableWindow
DestroyWindow
CreateDialogParamW
ReleaseDC
DrawFrameControl
IsWindowEnabled
GetDC
FlashWindow
GetClientRect
SendMessageW
EnumChildWindows
SystemParametersInfoW
SetMenuItemInfoW
GetMenuItemInfoW
AppendMenuW
GetMenuStringW
ModifyMenuW
CheckMenuRadioItem
TrackPopupMenu
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
CreatePopupMenu
GetSubMenu
CheckMenuItem
EnableMenuItem
SetMenuDefaultItem
InsertMenuW
DeleteMenu
GetMenuItemCount
DestroyMenu
WindowFromPoint
GetCursorPos
PostMessageW
IsWindow
DestroyCursor
LoadCursorW
UpdateLayeredWindow
LoadCursorFromFileW
DestroyIcon
LoadIconW
IntersectRect
GetLastInputInfo
GetSystemMetrics
SendInput
GetMessageExtraInfo
KillTimer
GetKeyState
SetTimer
GetSysColor
SetFocus
CreateDialogIndirectParamW
IsDialogMessageW
MapDialogRect
GetMenuState

gdi32

CreateSolidBrush
GetPixel
CreateRectRgn
DeleteObject
CreateFontIndirectW
GetObjectW
CombineRgn
CreateEllipticRgn
CreateRoundRectRgn

comdlg32

GetOpenFileNameW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegOpenKeyW
GetUserNameW
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
SHFileOperationW
SHQueryRecycleBinW
SHEmptyRecycleBinW
Shell_NotifyIconW
ShellExecuteExW
SHQueryUserNotificationState
ShellExecuteW
Shell_NotifyIconGetRect

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoCreateGuid
CoInitialize

oleaut32

SysFreeString
SysAllocString

d3d11

D3D11CreateDevice

dwrite

DWriteCreateFactory

Exports

Exports

LSLog
PluginBridge
ReadConfigString
RmExecute
RmGet
RmLog
RmLogF
RmPathToAbsolute
RmReadFormula
RmReadString
RmReplaceVariables

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.exe
.exe windows:6 windows x86 arch:x86

4e334e7d9f9b29226c17f51b28e8ceb8

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

b2:45:03:36:7a:46:6f:ca:41:be:11:9b:e8:7f:6a:37:5f:80:db:68:4e:99:bb:55:8c:99:5c:3e:64:b7:a1:b4
Signer

Actual PE Digest

b2:45:03:36:7a:46:6f:ca:41:be:11:9b:e8:7f:6a:37:5f:80:db:68:4e:99:bb:55:8c:99:5c:3e:64:b7:a1:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build\x32-Release\Obj\Application\Rainmeter.pdb

Imports

shlwapi

PathFindFileNameW

kernel32

SetErrorMode
GetLastError
lstrcatW
GetModuleFileNameW
FindResourceW
SetCurrentDirectoryW
GetProcAddress
GetCommandLineW
lstrcmpiW
LoadLibraryW
ExitProcess

user32

wsprintfW
MessageBoxW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.exe.config
.xml
RestartRainmeter.exe
.exe windows:6 windows x86 arch:x86

57d82a4bdac8c9f7729a1f07acfc3aa0

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

d4:58:43:55:ec:f5:20:06:8f:d8:a7:e4:b0:48:2f:67:25:79:11:cf:2e:4f:1a:a9:4e:ee:07:cc:4f:68:e0:81
Signer

Actual PE Digest

d4:58:43:55:ec:f5:20:06:8f:d8:a7:e4:b0:48:2f:67:25:79:11:cf:2e:4f:1a:a9:4e:ee:07:cc:4f:68:e0:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build\x32-Release\Obj\RestartRainmeter\RestartRainmeter.pdb

Imports

kernel32

SetErrorMode
CreateMutexW
ReleaseMutex
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
CloseHandle
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
DecodePointer

user32

PostQuitMessage
KillTimer
GetMessageW
DefWindowProcW
PostMessageW
CreateWindowExW
UnregisterClassW
RegisterClassExW
DispatchMessageW
SetTimer
TranslateMessage
FindWindowW

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SkinInstaller.exe
.exe windows:6 windows x86 arch:x86

d1c635d2dd9d0f09293048819fd6e737

Code Sign

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

Issuer

CN=Rainmeter Team Root Certificate,O=Rainmeter Team,L=Helsinki,ST=Uusimaa,C=FI,1.2.840.113549.1.9.1=#0c127465616d407261696e6d657465722e6e6574

Not Before

29/02/2024, 12:17

Not After

26/02/2034, 12:17

Subject

CN=Rainmeter Team

Extended Key Usages

ExtKeyUsageCodeSigning

52:b9:0e:a7:c9:9b:79:13:2b:d9:03:6c:0d:f2:e5:eb:f3:d9:8c:9d:86:59:8d:e3:ea:d5:39:36:60:71:4b:0f
Signer

Actual PE Digest

52:b9:0e:a7:c9:9b:79:13:2b:d9:03:6c:0d:f2:e5:eb:f3:d9:8c:9d:86:59:8d:e3:ea:d5:39:36:60:71:4b:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build\x32-Release\Obj\SkinInstallerLauncher\SkinInstaller.pdb

Imports

kernel32

SetErrorMode
ExitProcess
GetCommandLineW

rainmeter

ord8

Sections

.text
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VisualElements/Rainmeter_176.png
.png
VisualElements/Rainmeter_600.png
.png

Sharing

General

Malware Config

Signatures

Files

61259b55b8912888e90f516ca08dc514

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

81:4e:42:17:a1:29:7f:ed:5a:cc:d4:17:f8:91:ad:75Certificate

Extended Key Usages

Key Usages

31:20:f0:02:b4:8f:69:82:06:46:ba:0cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

6b:35:79:e7:ac:2a:0c:a9:42:07:12:22:31:00:32:ba:d8:1e:6e:d3:ac:f7:64:bb:f1:85:ff:1d:56:3d:17:ddSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 140KB

.rsrc Size: 35KB - Virtual size: 34KB

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 352B

149adf074d317fbf0d2f17314bd18969

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

version

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 44B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 188B

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

81:4e:42:17:a1:29:7f:ed:5a:cc:d4:17:f8:91:ad:75
Certificate

31:20:f0:02:b4:8f:69:82:06:46:ba:0c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

6b:35:79:e7:ac:2a:0c:a9:42:07:12:22:31:00:32:ba:d8:1e:6e:d3:ac:f7:64:bb:f1:85:ff:1d:56:3d:17:dd
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 140KB

.rsrc
Size: 35KB - Virtual size: 34KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 352B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 44B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 188B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 100B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 714B

.rdata
Size: 1024B - Virtual size: 705B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

33:12:24:c0:be:b8:7c:69:0d:91:d0:69:09:1e:97:e1:7c:a1:f1:cb
Certificate

51:a7:4b:b7:f7:eb:10:31:fc:4d:90:71:b5:37:f0:06:74:9a:54:52:92:bb:37:42:a9:79:6d:7d:2e:5d:60:80
Signer