SoftLoader 4[.]08[.]2024[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

SoftLoader 4.08.2024.rar
Size

39.1MB
MD5

d5b233975201ce85a389131daf6e620f
SHA1

9b06b3cafb567e617a24f7aeb2072fff8f621d39
SHA256

e9051847fb5feac275b94c316305cb78ae5eca22d954406608a3df0eacb4e80e
SHA512

7414c8de3edd375c595315fa174a20ce38755ffe168a496bd4c72edd0bf833c4114cb61f23fbdbbb1a15522e320a13a7b8b0cf2d7cef89e2347af077bea59cb2
SSDEEP

786432:Zs+mkM9NwTNl8S+Meqpm+2fd3N/mhi3Zdsi:/G6Nu2Ppmloi3ZZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SoftCheats Loader.exe
unpack001/VMProtectSDK64.dll

Files

SoftLoader 4.08.2024.rar
.rar

Password: soft
Beni oku.txt
Read Me.txt
SoftCheats Loader.exe
.exe windows:6 windows x64 arch:x64

Password: soft

1c96f2efe71023f5ad261708250613e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Patso\source\repos\miner vmpsiz\x64\Release\s2s.pdb

Imports

kernel32

GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
WriteConsoleW
HeapSize
GetProcessHeap
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
FormatMessageW
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetExitCodeProcess
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
FlushFileBuffers
HeapReAlloc
CreatePipe
GetFileAttributesExW
EnumSystemLocalesW
QueryPerformanceFrequency
SetLastError
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateProcessW
DuplicateHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
RtlUnwind
GetCurrentThreadId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
GetProcAddress
GetLocalTime
CloseHandle
Process32Next
DeleteFileW
GetLastError
Sleep
CreateToolhelp32Snapshot
GetModuleHandleA
CreateFileW
WaitForSingleObject
WriteFile
GetStdHandle
SetConsoleTextAttribute
GetTimeZoneInformation
Process32First
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
GetLocaleInfoEx
LocalFree
DecodePointer
EncodePointer

user32

GetSystemMetrics
MessageBoxA

gdi32

CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
BitBlt
CreateDCA
SelectObject

advapi32

OpenServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
GetUserNameW

shell32

ShellExecuteW

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

d3d9

Direct3DCreate9

gdiplus

GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDisposeImage
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP

dxgi

CreateDXGIFactory

bcrypt

BCryptGenRandom

ws2_32

getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockname
getsockopt
htons
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
ioctlsocket
gethostname
ntohs
sendto

normaliz

IdnToAscii

crypt32

CertFreeCertificateChain
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertOpenStore

wldap32

ord27
ord26
ord22
ord143
ord32
ord33
ord35
ord79
ord217
ord46
ord211
ord60
ord45
ord50
ord30
ord301
ord200
ord41

Sections

.text
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.2MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VMProtectSDK64.dll
.dll windows:5 windows x64 arch:x64

Password: soft

1851ff453adce0cef5274e320d5bed3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
GetLocalTime
GetTickCount
GetModuleFileNameW
GetPrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetStringTypeW
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleMode
FlushFileBuffers
WriteFile
GetConsoleCP
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
RaiseException

Exports

Exports

VMProtectActivateLicense
VMProtectBegin
VMProtectBeginMutation
VMProtectBeginUltra
VMProtectBeginUltraLockByKey
VMProtectBeginVirtualization
VMProtectBeginVirtualizationLockByKey
VMProtectDeactivateLicense
VMProtectDecryptStringA
VMProtectDecryptStringW
VMProtectEnd
VMProtectFreeString
VMProtectGetCurrentHWID
VMProtectGetOfflineActivationString
VMProtectGetOfflineDeactivationString
VMProtectGetSerialNumberData
VMProtectGetSerialNumberState
VMProtectIsDebuggerPresent
VMProtectIsProtected
VMProtectIsValidImageCRC
VMProtectIsVirtualMachinePresent
VMProtectSetSerialNumber

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-console-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Password: soft

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:e4:c9:61:9c:84:5c:b4:62:6a:0e:25:2c:db:a7:f8:ca:50:eb:ad:d5:c9:8f:e2:34:e9:25:72:67:6c:a2:d3
Signer

Actual PE Digest

54:e4:c9:61:9c:84:5c:b4:62:6a:0e:25:2c:db:a7:f8:ca:50:eb:ad:d5:c9:8f:e2:34:e9:25:72:67:6c:a2:d3

Digest Algorithm

sha256

PE Digest Matches

true

9e:4d:cb:b3:85:ee:4a:a9:0d:81:b3:9c:a8:49:fd:92:a3:3a:2a:11
Signer

Actual PE Digest

9e:4d:cb:b3:85:ee:4a:a9:0d:81:b3:9c:a8:49:fd:92:a3:3a:2a:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-console-l1-1-0.pdb

Exports

Exports

AllocConsole
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleA
WriteConsoleW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-datetime-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Password: soft

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:9d:1c:fb:5b:32:f9:be:d8:42:dc:25:a6:5d:64:62:62:ad:2f:57:7f:d5:53:ca:1c:97:be:b4:2d:73:10:db
Signer

Actual PE Digest

93:9d:1c:fb:5b:32:f9:be:d8:42:dc:25:a6:5d:64:62:62:ad:2f:57:7f:d5:53:ca:1c:97:be:b4:2d:73:10:db

Digest Algorithm

sha256

PE Digest Matches

true

ba:cc:fd:99:68:c3:e4:fd:b5:1d:1f:9a:da:d5:f7:2c:64:bf:36:ec
Signer

Actual PE Digest

ba:cc:fd:99:68:c3:e4:fd:b5:1d:1f:9a:da:d5:f7:2c:64:bf:36:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-datetime-l1-1-0.pdb

Exports

Exports

GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW

Sections

.text
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-debug-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Password: soft

Code Sign

33:00:00:00:8c:ff:f2:e5:18:1e:16:21:22:00:00:00:00:00:8c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:1a:42:9c:e7:75:10:38:7e:63:dc:a8:91:40:08:23:10:62:8d:c3:8a:58:0e:42:ad:7f:25:51:2f:0c:11:89
Signer

Actual PE Digest

be:1a:42:9c:e7:75:10:38:7e:63:dc:a8:91:40:08:23:10:62:8d:c3:8a:58:0e:42:ad:7f:25:51:2f:0c:11:89

Digest Algorithm

sha256

PE Digest Matches

true

20:0c:44:dd:ab:64:b5:78:36:1f:ad:7d:69:a9:62:0c:26:fb:d8:b8
Signer

Actual PE Digest

20:0c:44:dd:ab:64:b5:78:36:1f:ad:7d:69:a9:62:0c:26:fb:d8:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-debug-l1-1-0.pdb

Exports

Exports

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

Sections

.text
Size: 1024B - Virtual size: 555B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-errorhandling-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Password: soft

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1b:c9:cd:95:1f:6e:9c:fe:fd:05:1f:27:9f:fb:a9:42:bd:6e:01:79:0c:c7:c3:78:95:bc:f1:21:db:f2:92
Signer

Actual PE Digest

3d:1b:c9:cd:95:1f:6e:9c:fe:fd:05:1f:27:9f:fb:a9:42:bd:6e:01:79:0c:c7:c3:78:95:bc:f1:21:db:f2:92

Digest Algorithm

sha256

PE Digest Matches

true

21:85:64:01:40:33:a3:34:19:6d:ee:0e:b1:db:90:8f:d3:e5:a2:ac
Signer

Actual PE Digest

21:85:64:01:40:33:a3:34:19:6d:ee:0e:b1:db:90:8f:d3:e5:a2:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-errorhandling-l1-1-0.pdb

Exports

Exports

GetErrorMode
GetLastError
RaiseException
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Sections

.text
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-file-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Password: soft

Code Sign

33:00:00:00:8c:ff:f2:e5:18:1e:16:21:22:00:00:00:00:00:8c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:13:91:54:94:1d:89:44:10:e7:7c:94:6b:4d:c3:ea:09:71:1c:f8:b4:8a:a0:f8:01:a4:aa:cb:57:89:1b:6c
Signer

Actual PE Digest

40:13:91:54:94:1d:89:44:10:e7:7c:94:6b:4d:c3:ea:09:71:1c:f8:b4:8a:a0:f8:01:a4:aa:cb:57:89:1b:6c

Digest Algorithm

sha256

PE Digest Matches

true

f7:37:10:b3:db:85:0c:1b:92:3e:c4:af:ca:c0:64:e8:1d:00:42:c0
Signer

Actual PE Digest

f7:37:10:b3:db:85:0c:1b:92:3e:c4:af:ca:c0:64:e8:1d:00:42:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-file-l1-1-0.pdb

Exports

Exports

CompareFileTime
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DefineDosDeviceW
DeleteFileA
DeleteFileW
DeleteVolumeMountPointW
FileTimeToLocalFileTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameA
GetLongPathNameW
GetShortPathNameW
GetTempFileNameW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumePathNameW
LocalFileTimeToFileTime
LockFile
LockFileEx
QueryDosDeviceW
ReadFile
ReadFileEx
ReadFileScatter
RemoveDirectoryA
RemoveDirectoryW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetFileValidData
UnlockFile
UnlockFileEx
WriteFile
WriteFileEx
WriteFileGather

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-file-l1-2-0.dll
.dll windows:10 windows x86 arch:x86

Password: soft

Code Sign

33:00:00:00:8e:a8:19:d7:3f:36:8b:7a:40:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:5a:7b:dd:12:e5:39:e1:9b:cb:20:80:be:bf:d9:01:44:8a:18:4e:02:0d:73:3e:84:9f:ce:2d:10:b5:9c:a9
Signer

Actual PE Digest

18:5a:7b:dd:12:e5:39:e1:9b:cb:20:80:be:bf:d9:01:44:8a:18:4e:02:0d:73:3e:84:9f:ce:2d:10:b5:9c:a9

Digest Algorithm

sha256

PE Digest Matches

true

8d:2e:75:1f:9d:1c:cc:37:0a:61:49:77:08:2c:9b:3c:f3:4e:36:59
Signer

Actual PE Digest

8d:2e:75:1f:9d:1c:cc:37:0a:61:49:77:08:2c:9b:3c:f3:4e:36:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-file-l1-2-0.pdb

Exports

Exports

CreateFile2
GetTempPathW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

Sections

.text
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-file-l2-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:88:15:52:51:cf:17:37:7b:55:00:00:00:00:00:88
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:60:f4:ce:bd:64:15:62:f0:d7:bc:5e:c0:8d:43:87:dd:79:0e:ad:c8:64:ba:63:42:86:d6:ac:14:a5:5d:11
Signer

Actual PE Digest

6d:60:f4:ce:bd:64:15:62:f0:d7:bc:5e:c0:8d:43:87:dd:79:0e:ad:c8:64:ba:63:42:86:d6:ac:14:a5:5d:11

Digest Algorithm

sha256

PE Digest Matches

true

b1:97:e0:bf:b1:d3:4e:fc:66:dd:8c:a2:a9:5b:39:4b:9b:4f:04:1e
Signer

Actual PE Digest

b1:97:e0:bf:b1:d3:4e:fc:66:dd:8c:a2:a9:5b:39:4b:9b:4f:04:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-file-l2-1-0.pdb

Exports

Exports

CopyFile2
CopyFileExW
CreateDirectoryExW
CreateHardLinkW
CreateSymbolicLinkW
GetFileInformationByHandleEx
MoveFileExW
MoveFileWithProgressW
ReOpenFile
ReadDirectoryChangesW
ReplaceFileW

Sections

.text
Size: 1024B - Virtual size: 925B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-handle-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:92:30:28:f3:e6:e8:3f:7f:3d:5d:00:eb:77:d9:f7:d8:38:c2:aa:f1:28:2e:85:63:dd:09:2c:93:b5:1d:4b
Signer

Actual PE Digest

54:92:30:28:f3:e6:e8:3f:7f:3d:5d:00:eb:77:d9:f7:d8:38:c2:aa:f1:28:2e:85:63:dd:09:2c:93:b5:1d:4b

Digest Algorithm

sha256

PE Digest Matches

true

f3:82:25:2b:3f:51:9a:42:94:a6:75:78:87:b5:c6:e2:c9:05:2d:57
Signer

Actual PE Digest

f3:82:25:2b:3f:51:9a:42:94:a6:75:78:87:b5:c6:e2:c9:05:2d:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-handle-l1-1-0.pdb

Exports

Exports

CloseHandle
CompareObjectHandles
DuplicateHandle
GetHandleInformation
SetHandleInformation

Sections

.text
Size: 1024B - Virtual size: 623B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-heap-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:88:15:52:51:cf:17:37:7b:55:00:00:00:00:00:88
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:c5:29:c5:10:a4:4e:5d:35:ac:3e:78:99:07:05:2c:a3:ed:ea:50:55:55:21:99:80:3e:04:b9:87:e5:87:7c
Signer

Actual PE Digest

8f:c5:29:c5:10:a4:4e:5d:35:ac:3e:78:99:07:05:2c:a3:ed:ea:50:55:55:21:99:80:3e:04:b9:87:e5:87:7c

Digest Algorithm

sha256

PE Digest Matches

true

9a:fe:da:53:23:73:c7:d3:55:60:e5:dc:27:5e:39:93:df:87:2d:39
Signer

Actual PE Digest

9a:fe:da:53:23:73:c7:d3:55:60:e5:dc:27:5e:39:93:df:87:2d:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-heap-l1-1-0.pdb

Exports

Exports

GetProcessHeap
GetProcessHeaps
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapQueryInformation
HeapReAlloc
HeapSetInformation
HeapSize
HeapSummary
HeapUnlock
HeapValidate
HeapWalk

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-interlocked-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:88:15:52:51:cf:17:37:7b:55:00:00:00:00:00:88
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:83:96:0a:c9:f4:1e:8d:3d:ec:34:0f:20:2d:a2:ab:d9:49:6d:b8:1a:05:70:71:93:38:f3:05:86:79:d4:16
Signer

Actual PE Digest

68:83:96:0a:c9:f4:1e:8d:3d:ec:34:0f:20:2d:a2:ab:d9:49:6d:b8:1a:05:70:71:93:38:f3:05:86:79:d4:16

Digest Algorithm

sha256

PE Digest Matches

true

45:2d:16:f4:67:9e:fd:24:d3:c8:8c:3c:26:30:95:1d:9c:1b:a3:8b
Signer

Actual PE Digest

45:2d:16:f4:67:9e:fd:24:d3:c8:8c:3c:26:30:95:1d:9c:1b:a3:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-interlocked-l1-1-0.pdb

Exports

Exports

InitializeSListHead
InterlockedCompareExchange
InterlockedCompareExchange64
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedFlushSList
InterlockedIncrement
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-libraryloader-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:82:fc:88:87:31:67:3f:e1:5f:25:e1:eb:84:c3:05:74:75:f3:1f:c6:6c:16:d6:76:b9:cb:51:13:53:e1:3d
Signer

Actual PE Digest

21:82:fc:88:87:31:67:3f:e1:5f:25:e1:eb:84:c3:05:74:75:f3:1f:c6:6c:16:d6:76:b9:cb:51:13:53:e1:3d

Digest Algorithm

sha256

PE Digest Matches

true

21:b7:a1:27:3c:15:61:1e:44:5c:18:60:57:d6:d5:2e:cb:74:27:76
Signer

Actual PE Digest

21:b7:a1:27:3c:15:61:1e:44:5c:18:60:57:d6:d5:2e:cb:74:27:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-libraryloader-l1-1-0.pdb

Exports

Exports

DisableThreadLibraryCalls
FindResourceExW
FindStringOrdinal
FreeLibrary
FreeLibraryAndExitThread
FreeResource
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadLibraryExW
LoadResource
LockResource
SizeofResource

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-localization-l1-2-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8e:a8:19:d7:3f:36:8b:7a:40:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:af:dc:df:40:8a:80:7a:ce:c1:7d:10:a6:bc:83:1e:48:94:8f:65:f0:06:06:e7:9c:4d:e7:1c:c3:d3:c3:db
Signer

Actual PE Digest

05:af:dc:df:40:8a:80:7a:ce:c1:7d:10:a6:bc:83:1e:48:94:8f:65:f0:06:06:e7:9c:4d:e7:1c:c3:d3:c3:db

Digest Algorithm

sha256

PE Digest Matches

true

9d:6d:f1:d4:fc:a5:33:bb:b1:6b:f6:f3:8e:35:22:3b:d3:2d:aa:40
Signer

Actual PE Digest

9d:6d:f1:d4:fc:a5:33:bb:b1:6b:f6:f3:8e:35:22:3b:d3:2d:aa:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-localization-l1-2-0.pdb

Exports

Exports

ConvertDefaultLocale
EnumSystemGeoID
EnumSystemLocalesA
EnumSystemLocalesW
FindNLSString
FindNLSStringEx
FormatMessageA
FormatMessageW
GetACP
GetCPInfo
GetCPInfoExW
GetCalendarInfoEx
GetCalendarInfoW
GetFileMUIInfo
GetFileMUIPath
GetGeoInfoW
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoW
GetNLSVersion
GetNLSVersionEx
GetOEMCP
GetProcessPreferredUILanguages
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemPreferredUILanguages
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadUILanguage
GetUILanguageInfo
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserGeoID
GetUserPreferredUILanguages
IdnToAscii
IdnToUnicode
IsDBCSLeadByte
IsDBCSLeadByteEx
IsNLSDefinedString
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
IsValidLocaleName
IsValidNLSVersion
LCMapStringA
LCMapStringEx
LCMapStringW
LocaleNameToLCID
ResolveLocaleName
SetCalendarInfoW
SetLocaleInfoW
SetProcessPreferredUILanguages
SetThreadLocale
SetThreadPreferredUILanguages
SetThreadUILanguage
SetUserGeoID
VerLanguageNameA
VerLanguageNameW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-memory-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:88:15:52:51:cf:17:37:7b:55:00:00:00:00:00:88
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:36:52:e0:a4:7c:8e:66:40:d1:26:55:95:02:5f:b0:ca:b5:c8:38:ee:06:19:9b:4c:1e:ac:9c:c4:59:e9:4a
Signer

Actual PE Digest

22:36:52:e0:a4:7c:8e:66:40:d1:26:55:95:02:5f:b0:ca:b5:c8:38:ee:06:19:9b:4c:1e:ac:9c:c4:59:e9:4a

Digest Algorithm

sha256

PE Digest Matches

true

3c:5d:8c:fe:ce:50:29:22:3e:f6:19:a5:aa:a2:9e:5d:46:2e:b4:b8
Signer

Actual PE Digest

3c:5d:8c:fe:ce:50:29:22:3e:f6:19:a5:aa:a2:9e:5d:46:2e:b4:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-memory-l1-1-0.pdb

Exports

Exports

CreateFileMappingW
FlushViewOfFile
MapViewOfFile
MapViewOfFileEx
OpenFileMappingW
ReadProcessMemory
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WriteProcessMemory

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-namedpipe-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ea:58:61:13:c7:c2:74:47:88:a5:b6:14:ce:52:4e:c2:cf:34:43:ef:2a:1f:7d:2c:c6:cd:3e:47:0e:26:3c
Signer

Actual PE Digest

07:ea:58:61:13:c7:c2:74:47:88:a5:b6:14:ce:52:4e:c2:cf:34:43:ef:2a:1f:7d:2c:c6:cd:3e:47:0e:26:3c

Digest Algorithm

sha256

PE Digest Matches

true

25:58:68:ca:2d:10:e9:13:da:e9:43:d2:16:b8:4c:64:72:b9:75:eb
Signer

Actual PE Digest

25:58:68:ca:2d:10:e9:13:da:e9:43:d2:16:b8:4c:64:72:b9:75:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-namedpipe-l1-1-0.pdb

Exports

Exports

ConnectNamedPipe
CreateNamedPipeW
CreatePipe
DisconnectNamedPipe
GetNamedPipeClientComputerNameW
ImpersonateNamedPipeClient
PeekNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW

Sections

.text
Size: 1024B - Virtual size: 929B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-processenvironment-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:4d:fe:f5:d7:5b:2f:9e:6b:aa:84:57:e4:44:05:dd:95:76:5c:aa:5f:16:82:14:ed:2e:b2:5a:2d:82:e8:ce
Signer

Actual PE Digest

84:4d:fe:f5:d7:5b:2f:9e:6b:aa:84:57:e4:44:05:dd:95:76:5c:aa:5f:16:82:14:ed:2e:b2:5a:2d:82:e8:ce

Digest Algorithm

sha256

PE Digest Matches

true

18:73:cf:d1:e8:22:35:c2:ca:65:5a:66:e9:17:36:ab:04:ee:8d:38
Signer

Actual PE Digest

18:73:cf:d1:e8:22:35:c2:ca:65:5a:66:e9:17:36:ab:04:ee:8d:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-processenvironment-l1-1-0.pdb

Exports

Exports

ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStdHandle
SearchPathW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetStdHandleEx

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-processthreads-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:38:07:eb:51:99:ac:e1:f6:ea:06:e0:5a:fd:f6:b4:21:12:35:c0:f9:84:4c:7e:34:89:0e:69:0e:56:03:ca
Signer

Actual PE Digest

4b:38:07:eb:51:99:ac:e1:f6:ea:06:e0:5a:fd:f6:b4:21:12:35:c0:f9:84:4c:7e:34:89:0e:69:0e:56:03:ca

Digest Algorithm

sha256

PE Digest Matches

true

fb:5f:b7:09:c1:a9:3a:1c:e0:6b:1e:c8:fe:99:23:28:67:a1:db:8f
Signer

Actual PE Digest

fb:5f:b7:09:c1:a9:3a:1c:e0:6b:1e:c8:fe:99:23:28:67:a1:db:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-processthreads-l1-1-0.pdb

Exports

Exports

CreateProcessA
CreateProcessAsUserW
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateThread
DeleteProcThreadAttributeList
ExitProcess
ExitThread
FlushProcessWriteBuffers
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetPriorityClass
GetProcessId
GetProcessIdOfThread
GetProcessTimes
GetProcessVersion
GetStartupInfoW
GetThreadId
GetThreadPriority
GetThreadPriorityBoost
InitializeProcThreadAttributeList
OpenProcessToken
OpenThread
OpenThreadToken
ProcessIdToSessionId
QueryProcessAffinityUpdateMode
QueueUserAPC
ResumeThread
SetPriorityClass
SetProcessAffinityUpdateMode
SetProcessShutdownParameters
SetThreadPriority
SetThreadPriorityBoost
SetThreadStackGuarantee
SetThreadToken
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UpdateProcThreadAttribute

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-processthreads-l1-1-1.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:e9:b4:0e:8e:fd:2f:28:fd:c8:9d:54:75:60:d1:a3:4a:4b:c9:0a:bd:95:54:ad:34:d8:c0:06:56:58:d1:ce
Signer

Actual PE Digest

e0:e9:b4:0e:8e:fd:2f:28:fd:c8:9d:54:75:60:d1:a3:4a:4b:c9:0a:bd:95:54:ad:34:d8:c0:06:56:58:d1:ce

Digest Algorithm

sha256

PE Digest Matches

true

1b:14:b5:2a:73:aa:02:45:e2:34:7b:de:73:9a:1c:33:db:00:43:a6
Signer

Actual PE Digest

1b:14:b5:2a:73:aa:02:45:e2:34:7b:de:73:9a:1c:33:db:00:43:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-processthreads-l1-1-1.pdb

Exports

Exports

FlushInstructionCache
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThreadStackLimits
GetProcessHandleCount
GetProcessMitigationPolicy
GetThreadContext
GetThreadIdealProcessorEx
GetThreadTimes
IsProcessorFeaturePresent
OpenProcess
SetProcessMitigationPolicy
SetThreadContext
SetThreadIdealProcessorEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-profile-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:35:66:9e:b4:83:8c:8e:5a:8e:0f:5a:d9:c8:7a:52:62:6e:e1:71:85:f3:fd:e2:6a:25:5f:53:2d:e2:0a:96
Signer

Actual PE Digest

69:35:66:9e:b4:83:8c:8e:5a:8e:0f:5a:d9:c8:7a:52:62:6e:e1:71:85:f3:fd:e2:6a:25:5f:53:2d:e2:0a:96

Digest Algorithm

sha256

PE Digest Matches

true

30:b1:3d:ef:3c:d5:97:85:d0:c2:43:ff:44:54:f0:3d:37:c4:08:6a
Signer

Actual PE Digest

30:b1:3d:ef:3c:d5:97:85:d0:c2:43:ff:44:54:f0:3d:37:c4:08:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-profile-l1-1-0.pdb

Exports

Exports

QueryPerformanceCounter
QueryPerformanceFrequency

Sections

.text
Size: 512B - Virtual size: 485B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-rtlsupport-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:de:8b:bd:c3:73:22:ca:80:00:db:46:43:bc:b3:92:04:96:20:5c:eb:1d:da:52:c3:40:fb:5d:f6:ca:f3:31
Signer

Actual PE Digest

8e:de:8b:bd:c3:73:22:ca:80:00:db:46:43:bc:b3:92:04:96:20:5c:eb:1d:da:52:c3:40:fb:5d:f6:ca:f3:31

Digest Algorithm

sha256

PE Digest Matches

true

12:7c:3b:5e:dc:8c:5b:ce:dd:73:ea:10:99:cf:53:63:d5:41:19:16
Signer

Actual PE Digest

12:7c:3b:5e:dc:8c:5b:ce:dd:73:ea:10:99:cf:53:63:d5:41:19:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-rtlsupport-l1-1-0.pdb

Exports

Exports

RtlCaptureContext
RtlCaptureStackBackTrace
RtlUnwind

Sections

.text
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-string-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8e:a8:19:d7:3f:36:8b:7a:40:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:eb:bb:eb:41:e9:3e:c6:ea:f8:58:c8:5e:4e:4f:0f:62:07:2b:d2:5f:a4:35:76:fb:9f:6c:73:05:49:ab:54
Signer

Actual PE Digest

2b:eb:bb:eb:41:e9:3e:c6:ea:f8:58:c8:5e:4e:4f:0f:62:07:2b:d2:5f:a4:35:76:fb:9f:6c:73:05:49:ab:54

Digest Algorithm

sha256

PE Digest Matches

true

0e:21:e0:cd:e9:a4:c1:7a:ee:b9:21:e8:2f:a7:f4:cf:68:74:1a:6b
Signer

Actual PE Digest

0e:21:e0:cd:e9:a4:c1:7a:ee:b9:21:e8:2f:a7:f4:cf:68:74:1a:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-string-l1-1-0.pdb

Exports

Exports

CompareStringEx
CompareStringOrdinal
CompareStringW
FoldStringW
GetStringTypeExW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

Sections

.text
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-synch-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8c:ff:f2:e5:18:1e:16:21:22:00:00:00:00:00:8c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:42:d2:04:f0:d5:2f:9c:8f:a2:c8:ba:4e:f0:f2:ff:57:16:24:af:e7:f7:82:24:a4:c8:db:40:4b:63:10:d7
Signer

Actual PE Digest

83:42:d2:04:f0:d5:2f:9c:8f:a2:c8:ba:4e:f0:f2:ff:57:16:24:af:e7:f7:82:24:a4:c8:db:40:4b:63:10:d7

Digest Algorithm

sha256

PE Digest Matches

true

c7:31:28:96:7b:d3:d1:22:6b:e8:65:21:de:91:25:f9:d9:74:cb:3c
Signer

Actual PE Digest

c7:31:28:96:7b:d3:d1:22:6b:e8:65:21:de:91:25:f9:d9:74:cb:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-synch-l1-1-0.pdb

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
CancelWaitableTimer
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateSemaphoreExW
CreateWaitableTimerExW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
OpenEventA
OpenEventW
OpenMutexW
OpenSemaphoreW
OpenWaitableTimerW
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ResetEvent
SetCriticalSectionSpinCount
SetEvent
SetWaitableTimer
SetWaitableTimerEx
SleepEx
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-synch-l1-2-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8e:a8:19:d7:3f:36:8b:7a:40:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:53:cd:c0:91:12:c8:a8:dd:a7:47:b5:a7:b5:c5:63:1d:eb:bf:2f:fb:23:32:ae:ef:1f:fa:e6:f6:f7:62:31
Signer

Actual PE Digest

bb:53:cd:c0:91:12:c8:a8:dd:a7:47:b5:a7:b5:c5:63:1d:eb:bf:2f:fb:23:32:ae:ef:1f:fa:e6:f6:f7:62:31

Digest Algorithm

sha256

PE Digest Matches

true

14:bc:93:db:d9:97:84:04:e8:5d:6c:9f:d7:66:48:fb:84:ba:6a:d8
Signer

Actual PE Digest

14:bc:93:db:d9:97:84:04:e8:5d:6c:9f:d7:66:48:fb:84:ba:6a:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-synch-l1-2-0.pdb

Exports

Exports

DeleteSynchronizationBarrier
EnterSynchronizationBarrier
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeSynchronizationBarrier
SignalObjectAndWait
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
WaitOnAddress
WakeAllConditionVariable
WakeByAddressAll
WakeByAddressSingle
WakeConditionVariable

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-sysinfo-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:79:48:66:a1:a4:46:db:6a:87:06:a4:f5:36:92:d4:e5:0d:64:c3:77:65:51:8c:79:36:0c:a7:63:aa:a6:68
Signer

Actual PE Digest

a4:79:48:66:a1:a4:46:db:6a:87:06:a4:f5:36:92:d4:e5:0d:64:c3:77:65:51:8c:79:36:0c:a7:63:aa:a6:68

Digest Algorithm

sha256

PE Digest Matches

true

c8:2f:66:78:7f:30:2d:09:00:68:d5:e8:d8:a5:8b:d0:4e:0e:63:f9
Signer

Actual PE Digest

c8:2f:66:78:7f:30:2d:09:00:68:d5:e8:d8:a5:8b:d0:4e:0e:63:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-sysinfo-l1-1-0.pdb

Exports

Exports

GetComputerNameExA
GetComputerNameExW
GetLocalTime
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTickCount
GetTickCount64
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalMemoryStatusEx
SetLocalTime

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-timezone-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:37:e6:81:a0:14:23:41:7b:95:ea:50:b2:a9:2d:60:84:1c:2a:89:08:9f:21:70:be:d9:80:71:a9:c7:88:0f
Signer

Actual PE Digest

68:37:e6:81:a0:14:23:41:7b:95:ea:50:b2:a9:2d:60:84:1c:2a:89:08:9f:21:70:be:d9:80:71:a9:c7:88:0f

Digest Algorithm

sha256

PE Digest Matches

true

00:4b:63:e9:48:76:07:ef:e3:9a:28:79:d9:ce:67:fb:7e:24:f2:45
Signer

Actual PE Digest

00:4b:63:e9:48:76:07:ef:e3:9a:28:79:d9:ce:67:fb:7e:24:f2:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-timezone-l1-1-0.pdb

Exports

Exports

FileTimeToSystemTime
GetDynamicTimeZoneInformation
GetTimeZoneInformation
GetTimeZoneInformationForYear
SetDynamicTimeZoneInformation
SetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime

Sections

.text
Size: 1024B - Virtual size: 1003B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-core-util-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8e:a8:19:d7:3f:36:8b:7a:40:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:01:e6:86:51:6f:a1:d7:53:f7:09:f0:3a:2f:03:59:2a:be:5e:3f:a4:ff:23:ef:10:55:1a:0a:24:2a:b8:f0
Signer

Actual PE Digest

e7:01:e6:86:51:6f:a1:d7:53:f7:09:f0:3a:2f:03:59:2a:be:5e:3f:a4:ff:23:ef:10:55:1a:0a:24:2a:b8:f0

Digest Algorithm

sha256

PE Digest Matches

true

5b:87:3d:27:8c:06:54:e0:c1:88:da:1f:49:de:7d:df:f6:ac:b1:ae
Signer

Actual PE Digest

5b:87:3d:27:8c:06:54:e0:c1:88:da:1f:49:de:7d:df:f6:ac:b1:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-util-l1-1-0.pdb

Exports

Exports

Beep
DecodePointer
DecodeSystemPointer
EncodePointer
EncodeSystemPointer

Sections

.text
Size: 1024B - Virtual size: 585B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-conio-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:36:fe:cf:37:e3:52:75:3d:46:1b:a3:3b:16:d1:1b:db:2c:f5:50:7b:9a:b8:6c:c2:5e:fc:4a:18:a7:4e:ad
Signer

Actual PE Digest

e2:36:fe:cf:37:e3:52:75:3d:46:1b:a3:3b:16:d1:1b:db:2c:f5:50:7b:9a:b8:6c:c2:5e:fc:4a:18:a7:4e:ad

Digest Algorithm

sha256

PE Digest Matches

true

7c:c9:0a:32:a0:8a:42:9e:98:19:e9:e9:14:e9:a0:e7:5b:be:b2:53
Signer

Actual PE Digest

7c:c9:0a:32:a0:8a:42:9e:98:19:e9:e9:14:e9:a0:e7:5b:be:b2:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-conio-l1-1-0.pdb

Exports

Exports

__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
_cgets
_cgets_s
_cgetws
_cgetws_s
_cputs
_cputws
_getch
_getch_nolock
_getche
_getche_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_putch
_putch_nolock
_putwch
_putwch_nolock
_ungetch
_ungetch_nolock
_ungetwch
_ungetwch_nolock

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-convert-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:88:15:52:51:cf:17:37:7b:55:00:00:00:00:00:88
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:83:47:43:bd:ca:a5:ea:bb:28:de:64:71:6a:98:3d:2b:41:c4:d3:0f:95:3c:70:19:43:40:53:3d:3d:fa:41
Signer

Actual PE Digest

43:83:47:43:bd:ca:a5:ea:bb:28:de:64:71:6a:98:3d:2b:41:c4:d3:0f:95:3c:70:19:43:40:53:3d:3d:fa:41

Digest Algorithm

sha256

PE Digest Matches

true

63:27:c5:3a:61:c2:23:b2:c5:2d:e4:3b:24:b8:f2:b5:04:75:9a:b2
Signer

Actual PE Digest

63:27:c5:3a:61:c2:23:b2:c5:2d:e4:3b:24:b8:f2:b5:04:75:9a:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-convert-l1-1-0.pdb

Exports

Exports

__toascii
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_ecvt
_ecvt_s
_fcvt
_fcvt_s
_gcvt
_gcvt_s
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_itoa
_itoa_s
_itow
_itow_s
_ltoa
_ltoa_s
_ltow
_ltow_s
_strtod_l
_strtof_l
_strtoi64
_strtoi64_l
_strtoimax_l
_strtol_l
_strtold_l
_strtoll_l
_strtoui64
_strtoui64_l
_strtoul_l
_strtoull_l
_strtoumax_l
_ui64toa
_ui64toa_s
_ui64tow
_ui64tow_s
_ultoa
_ultoa_s
_ultow
_ultow_s
_wcstod_l
_wcstof_l
_wcstoi64
_wcstoi64_l
_wcstoimax_l
_wcstol_l
_wcstold_l
_wcstoll_l
_wcstombs_l
_wcstombs_s_l
_wcstoui64
_wcstoui64_l
_wcstoul_l
_wcstoull_l
_wcstoumax_l
_wctomb_l
_wctomb_s_l
_wtof
_wtof_l
_wtoi
_wtoi64
_wtoi64_l
_wtoi_l
_wtol
_wtol_l
_wtoll
_wtoll_l
atof
atoi
atol
atoll
btowc
c16rtomb
c32rtomb
mbrtoc16
mbrtoc32
mbrtowc
mbsrtowcs
mbsrtowcs_s
mbstowcs
mbstowcs_s
mbtowc
strtod
strtof
strtoimax
strtol
strtold
strtoll
strtoul
strtoull
strtoumax
wcrtomb
wcrtomb_s
wcsrtombs
wcsrtombs_s
wcstod
wcstof
wcstoimax
wcstol
wcstold
wcstoll
wcstombs
wcstombs_s
wcstoul
wcstoull
wcstoumax
wctob
wctomb
wctomb_s
wctrans

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-environment-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:9f:79:d7:34:ac:88:e6:61:b1:01:a6:7e:64:65:9a:2a:87:66:6c:1c:16:e3:6b:46:d7:58:19:3d:3f:38:ba
Signer

Actual PE Digest

b9:9f:79:d7:34:ac:88:e6:61:b1:01:a6:7e:64:65:9a:2a:87:66:6c:1c:16:e3:6b:46:d7:58:19:3d:3f:38:ba

Digest Algorithm

sha256

PE Digest Matches

true

b3:18:07:5e:49:96:fa:22:68:17:8f:d2:00:51:99:75:8e:e5:42:5a
Signer

Actual PE Digest

b3:18:07:5e:49:96:fa:22:68:17:8f:d2:00:51:99:75:8e:e5:42:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-environment-l1-1-0.pdb

Exports

Exports

__p__environ
__p__wenviron
_dupenv_s
_putenv
_putenv_s
_searchenv
_searchenv_s
_wdupenv_s
_wgetcwd
_wgetdcwd
_wgetenv
_wgetenv_s
_wputenv
_wputenv_s
_wsearchenv
_wsearchenv_s
getenv
getenv_s

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-filesystem-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:07:e4:07:39:68:e2:c2:b1:68:cf:dc:85:b6:a9:b0:e7:2e:76:b4:03:0e:1a:b4:66:8a:94:69:7d:1c:a4:da
Signer

Actual PE Digest

d7:07:e4:07:39:68:e2:c2:b1:68:cf:dc:85:b6:a9:b0:e7:2e:76:b4:03:0e:1a:b4:66:8a:94:69:7d:1c:a4:da

Digest Algorithm

sha256

PE Digest Matches

true

90:1a:b0:58:a8:13:64:d5:5e:e3:fc:84:58:6f:76:f2:6f:41:85:46
Signer

Actual PE Digest

90:1a:b0:58:a8:13:64:d5:5e:e3:fc:84:58:6f:76:f2:6f:41:85:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-filesystem-l1-1-0.pdb

Exports

Exports

_access
_access_s
_chdir
_chdrive
_chmod
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_fullpath
_getdiskfree
_getdrive
_getdrives
_lock_file
_makepath
_makepath_s
_mkdir
_rmdir
_splitpath
_splitpath_s
_stat32
_stat32i64
_stat64
_stat64i32
_umask
_umask_s
_unlink
_unlock_file
_waccess
_waccess_s
_wchdir
_wchmod
_wfindfirst32
_wfindfirst32i64
_wfindfirst64
_wfindfirst64i32
_wfindnext32
_wfindnext32i64
_wfindnext64
_wfindnext64i32
_wfullpath
_wmakepath
_wmakepath_s
_wmkdir
_wremove
_wrename
_wrmdir
_wsplitpath
_wsplitpath_s
_wstat32
_wstat32i64
_wstat64
_wstat64i32
_wunlink
remove
rename

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-heap-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:34:5d:66:06:6c:b7:bb:97:c2:e0:4b:f6:66:9a:44:f5:3f:87:8f:a3:cd:f6:b3:8b:13:11:d5:1e:cd:2d:11
Signer

Actual PE Digest

02:34:5d:66:06:6c:b7:bb:97:c2:e0:4b:f6:66:9a:44:f5:3f:87:8f:a3:cd:f6:b3:8b:13:11:d5:1e:cd:2d:11

Digest Algorithm

sha256

PE Digest Matches

true

2a:0e:97:ae:7c:78:28:28:43:c0:0b:28:fb:84:29:d4:a3:43:00:c6
Signer

Actual PE Digest

2a:0e:97:ae:7c:78:28:28:43:c0:0b:28:fb:84:29:d4:a3:43:00:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-heap-l1-1-0.pdb

Exports

Exports

_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_callnewh
_calloc_base
_expand
_free_base
_get_heap_handle
_heapchk
_heapmin
_heapwalk
_malloc_base
_msize
_query_new_handler
_query_new_mode
_realloc_base
_recalloc
_set_new_mode
calloc
free
malloc
realloc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-locale-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:73:da:9b:3f:27:d4:66:d4:19:af:bd:11:2b:53:68:6e:50:a0:45:c6:f2:b1:f8:17:41:50:75:f1:53:c7:26
Signer

Actual PE Digest

bd:73:da:9b:3f:27:d4:66:d4:19:af:bd:11:2b:53:68:6e:50:a0:45:c6:f2:b1:f8:17:41:50:75:f1:53:c7:26

Digest Algorithm

sha256

PE Digest Matches

true

dc:79:e8:39:14:83:7f:28:15:45:94:b4:31:33:06:3a:f9:9b:00:17
Signer

Actual PE Digest

dc:79:e8:39:14:83:7f:28:15:45:94:b4:31:33:06:3a:f9:9b:00:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-locale-l1-1-0.pdb

Exports

Exports

___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__initialize_lconv_for_unsigned_char
__pctype_func
__pwctype_func
_configthreadlocale
_create_locale
_free_locale
_get_current_locale
_getmbcp
_lock_locales
_setmbcp
_unlock_locales
_wcreate_locale
_wsetlocale
localeconv
setlocale

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-math-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:b8:b2:cf:ba:76:eb:b0:b7:6c:a1:16:0b:07:95:e2:bb:c7:47:58:7e:3e:c9:2f:44:72:4e:7b:c6:ce:df:46
Signer

Actual PE Digest

bd:b8:b2:cf:ba:76:eb:b0:b7:6c:a1:16:0b:07:95:e2:bb:c7:47:58:7e:3e:c9:2f:44:72:4e:7b:c6:ce:df:46

Digest Algorithm

sha256

PE Digest Matches

true

d8:f6:68:b2:40:39:ab:b0:c6:cd:6f:db:fa:49:ad:5c:c2:02:54:07
Signer

Actual PE Digest

d8:f6:68:b2:40:39:ab:b0:c6:cd:6f:db:fa:49:ad:5c:c2:02:54:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-math-l1-1-0.pdb

Exports

Exports

_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_Cbuild
_Cmulcc
_Cmulcr
_FCbuild
_FCmulcc
_FCmulcr
_LCbuild
_LCmulcc
_LCmulcr
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__setusermatherr
_cabs
_chgsign
_chgsignf
_copysign
_copysignf
_d_int
_dclass
_dexp
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_except1
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_finite
_fpclass
_ftol
_hypot
_hypotf
_isnan
_j0
_j1
_jn
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_logb
_nextafter
_scalb
_set_SSE2_enable
_y0
_y1
_yn
acos
acosh
acoshf
acoshl
asin
asinh
asinhf
asinhl
atan
atan2
atanh
atanhf
atanhl
cabs
cabsf
cabsl
cacos
cacosf
cacosh
cacoshf
cacoshl
cacosl
carg
cargf
cargl
casin
casinf
casinh
casinhf
casinhl
casinl
catan
catanf
catanh
catanhf
catanhl
catanl
cbrt
cbrtf
cbrtl
ccos
ccosf
ccosh
ccoshf
ccoshl
ccosl
ceil
cexp
cexpf
cexpl
cimag
cimagf
cimagl
clog
clog10
clog10f
clog10l
clogf
clogl
conj
conjf
conjl
copysign
copysignf
copysignl
cos
cosh
cpow
cpowf
cpowl
cproj
cprojf
cprojl
creal
crealf
creall
csin
csinf
csinh
csinhf
csinhl
csinl
csqrt
csqrtf
csqrtl
ctan
ctanf
ctanh
ctanhf
ctanhl
ctanl
erf
erfc
erfcf
erfcl
erff
erfl
exp
exp2
exp2f
exp2l
expm1
expm1f
expm1l
fabs
fdim
fdimf
fdiml
floor
fma
fmaf
fmal
fmax
fmaxf
fmaxl
fmin
fminf
fminl
fmod
frexp
hypot
ilogb
ilogbf
ilogbl
ldexp
lgamma
lgammaf
lgammal
llrint
llrintf
llrintl
llround
llroundf
llroundl
log
log10
log1p
log1pf
log1pl
log2
log2f
log2l
logb
logbf
logbl
lrint
lrintf
lrintl
lround
lroundf
lroundl
modf
nan
nanf
nanl
nearbyint
nearbyintf
nearbyintl
nextafter
nextafterf
nextafterl
nexttoward
nexttowardf
nexttowardl
norm
normf
norml
pow
powf
remainder
remainderf
remainderl
remquo
remquof
remquol
rint
rintf
rintl
round
roundf
roundl
scalbln
scalblnf
scalblnl
scalbn
scalbnf
scalbnl
sin
sinh
sqrt
tan
tanh
tgamma
tgammaf
tgammal
trunc
truncf
truncl

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-multibyte-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:54:c3:ff:9d:93:66:43:5f:96:c2:4b:ad:2a:1d:ef:c7:ec:48:60:53:7f:f4:c6:f0:5a:80:31:4f:09:87:1c
Signer

Actual PE Digest

91:54:c3:ff:9d:93:66:43:5f:96:c2:4b:ad:2a:1d:ef:c7:ec:48:60:53:7f:f4:c6:f0:5a:80:31:4f:09:87:1c

Digest Algorithm

sha256

PE Digest Matches

true

19:40:d7:21:48:1a:87:56:ff:36:94:b9:4a:09:88:15:03:60:30:38
Signer

Actual PE Digest

19:40:d7:21:48:1a:87:56:ff:36:94:b9:4a:09:88:15:03:60:30:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-multibyte-l1-1-0.pdb

Exports

Exports

__p__mbcasemap
__p__mbctype
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_mbbtombc
_mbbtombc_l
_mbbtype
_mbbtype_l
_mbcasemap
_mbccpy
_mbccpy_l
_mbccpy_s
_mbccpy_s_l
_mbcjistojms
_mbcjistojms_l
_mbcjmstojis
_mbcjmstojis_l
_mbclen
_mbclen_l
_mbctohira
_mbctohira_l
_mbctokata
_mbctokata_l
_mbctolower
_mbctolower_l
_mbctombb
_mbctombb_l
_mbctoupper
_mbctoupper_l
_mblen_l
_mbsbtype
_mbsbtype_l
_mbscat_s
_mbscat_s_l
_mbschr
_mbschr_l
_mbscmp
_mbscmp_l
_mbscoll
_mbscoll_l
_mbscpy_s
_mbscpy_s_l
_mbscspn
_mbscspn_l
_mbsdec
_mbsdec_l
_mbsdup
_mbsicmp
_mbsicmp_l
_mbsicoll
_mbsicoll_l
_mbsinc
_mbsinc_l
_mbslen
_mbslen_l
_mbslwr
_mbslwr_l
_mbslwr_s
_mbslwr_s_l
_mbsnbcat
_mbsnbcat_l
_mbsnbcat_s
_mbsnbcat_s_l
_mbsnbcmp
_mbsnbcmp_l
_mbsnbcnt
_mbsnbcnt_l
_mbsnbcoll
_mbsnbcoll_l
_mbsnbcpy
_mbsnbcpy_l
_mbsnbcpy_s
_mbsnbcpy_s_l
_mbsnbicmp
_mbsnbicmp_l
_mbsnbicoll
_mbsnbicoll_l
_mbsnbset
_mbsnbset_l
_mbsnbset_s
_mbsnbset_s_l
_mbsncat
_mbsncat_l
_mbsncat_s
_mbsncat_s_l
_mbsnccnt
_mbsnccnt_l
_mbsncmp
_mbsncmp_l
_mbsncoll
_mbsncoll_l
_mbsncpy
_mbsncpy_l
_mbsncpy_s
_mbsncpy_s_l
_mbsnextc
_mbsnextc_l
_mbsnicmp
_mbsnicmp_l
_mbsnicoll
_mbsnicoll_l
_mbsninc
_mbsninc_l
_mbsnlen
_mbsnlen_l
_mbsnset
_mbsnset_l
_mbsnset_s
_mbsnset_s_l
_mbspbrk
_mbspbrk_l
_mbsrchr
_mbsrchr_l
_mbsrev
_mbsrev_l
_mbsset
_mbsset_l
_mbsset_s
_mbsset_s_l
_mbsspn
_mbsspn_l
_mbsspnp
_mbsspnp_l
_mbsstr
_mbsstr_l
_mbstok
_mbstok_l
_mbstok_s
_mbstok_s_l
_mbstowcs_l
_mbstowcs_s_l
_mbstrlen
_mbstrlen_l
_mbstrnlen
_mbstrnlen_l
_mbsupr
_mbsupr_l
_mbsupr_s
_mbsupr_s_l
_mbtowc_l

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-private-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:26:1a:d2:54:aa:54:95:7c:ec:b2:01:55:c2:66:48:33:76:17:33:6b:5c:93:fb:89:fb:37:6c:95:26:d0:c3
Signer

Actual PE Digest

cc:26:1a:d2:54:aa:54:95:7c:ec:b2:01:55:c2:66:48:33:76:17:33:6b:5c:93:fb:89:fb:37:6c:95:26:d0:c3

Digest Algorithm

sha256

PE Digest Matches

true

d1:09:fa:28:f1:ce:33:e6:5e:c7:76:82:90:43:b7:18:63:d8:cf:af
Signer

Actual PE Digest

d1:09:fa:28:f1:ce:33:e6:5e:c7:76:82:90:43:b7:18:63:d8:cf:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-private-l1-1-0.pdb

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__intrinsic_abnormal_termination
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__unDName
__unDNameEx
__uncaught_exception
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_o__CIacos
_o__CIasin
_o__CIatan
_o__CIatan2
_o__CIcos
_o__CIcosh
_o__CIexp
_o__CIfmod
_o__CIlog
_o__CIlog10
_o__CIpow
_o__CIsin
_o__CIsinh
_o__CIsqrt
_o__CItan
_o__CItanh
_o__Getdays
_o__Getmonths
_o__Gettnames
_o__Strftime
_o__W_Getdays
_o__W_Getmonths
_o__W_Gettnames
_o__Wcsftime
_o____lc_codepage_func
_o____lc_collate_cp_func
_o____lc_locale_name_func
_o____mb_cur_max_func
_o___acrt_iob_func
_o___conio_common_vcprintf
_o___conio_common_vcprintf_p
_o___conio_common_vcprintf_s
_o___conio_common_vcscanf
_o___conio_common_vcwprintf
_o___conio_common_vcwprintf_p
_o___conio_common_vcwprintf_s
_o___conio_common_vcwscanf
_o___daylight
_o___dstbias
_o___fpe_flt_rounds
_o___libm_sse2_acos
_o___libm_sse2_acosf
_o___libm_sse2_asin
_o___libm_sse2_asinf
_o___libm_sse2_atan
_o___libm_sse2_atan2
_o___libm_sse2_atanf
_o___libm_sse2_cos
_o___libm_sse2_cosf
_o___libm_sse2_exp
_o___libm_sse2_expf
_o___libm_sse2_log
_o___libm_sse2_log10
_o___libm_sse2_log10f
_o___libm_sse2_logf
_o___libm_sse2_pow
_o___libm_sse2_powf
_o___libm_sse2_sin
_o___libm_sse2_sinf
_o___libm_sse2_tan
_o___libm_sse2_tanf
_o___p___argc
_o___p___argv
_o___p___wargv
_o___p__acmdln
_o___p__commode
_o___p__environ
_o___p__fmode
_o___p__mbcasemap
_o___p__mbctype
_o___p__pgmptr
_o___p__wcmdln
_o___p__wenviron
_o___p__wpgmptr
_o___pctype_func
_o___pwctype_func
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___std_type_info_name
_o___stdio_common_vfprintf
_o___stdio_common_vfprintf_p
_o___stdio_common_vfprintf_s
_o___stdio_common_vfscanf
_o___stdio_common_vfwprintf
_o___stdio_common_vfwprintf_p
_o___stdio_common_vfwprintf_s
_o___stdio_common_vfwscanf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsprintf_p
_o___stdio_common_vsprintf_s
_o___stdio_common_vsscanf
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_p
_o___stdio_common_vswprintf_s
_o___stdio_common_vswscanf
_o___timezone
_o___tzname
_o___wcserror
_o__access
_o__access_s
_o__aligned_free
_o__aligned_malloc
_o__aligned_msize
_o__aligned_offset_malloc
_o__aligned_offset_realloc
_o__aligned_offset_recalloc
_o__aligned_realloc
_o__aligned_recalloc
_o__atodbl
_o__atodbl_l
_o__atof_l
_o__atoflt
_o__atoflt_l
_o__atoi64
_o__atoi64_l
_o__atoi_l
_o__atol_l
_o__atoldbl
_o__atoldbl_l
_o__atoll_l
_o__beep
_o__beginthread
_o__beginthreadex
_o__cabs
_o__callnewh
_o__calloc_base
_o__cexit
_o__cgets
_o__cgets_s
_o__cgetws
_o__cgetws_s
_o__chdir
_o__chdrive
_o__chmod
_o__chsize
_o__chsize_s
_o__close
_o__commit
_o__configthreadlocale
_o__configure_narrow_argv
_o__configure_wide_argv
_o__controlfp_s
_o__cputs
_o__cputws
_o__creat
_o__create_locale
_o__crt_atexit
_o__ctime32_s
_o__ctime64_s
_o__cwait
_o__d_int
_o__dclass
_o__difftime32
_o__difftime64
_o__dlog
_o__dnorm
_o__dpcomp
_o__dpoly
_o__dscale
_o__dsign
_o__dsin
_o__dtest
_o__dunscale
_o__dup
_o__dup2
_o__dupenv_s
_o__ecvt
_o__ecvt_s
_o__endthread
_o__endthreadex
_o__eof
_o__errno
_o__except1
_o__execute_onexit_table
_o__execv
_o__execve
_o__execvp
_o__execvpe
_o__exit
_o__expand
_o__fclose_nolock
_o__fcloseall
_o__fcvt
_o__fcvt_s
_o__fd_int
_o__fdclass
_o__fdexp
_o__fdlog
_o__fdopen
_o__fdpcomp
_o__fdpoly
_o__fdscale
_o__fdsign
_o__fdsin
_o__fflush_nolock
_o__fgetc_nolock
_o__fgetchar
_o__fgetwc_nolock
_o__fgetwchar
_o__filelength
_o__filelengthi64
_o__fileno
_o__findclose
_o__findfirst32
_o__findfirst32i64
_o__findfirst64
_o__findfirst64i32
_o__findnext32
_o__findnext32i64
_o__findnext64
_o__findnext64i32
_o__flushall
_o__fpclass
_o__fputc_nolock
_o__fputchar
_o__fputwc_nolock
_o__fputwchar
_o__fread_nolock
_o__fread_nolock_s
_o__free_base
_o__free_locale
_o__fseek_nolock
_o__fseeki64
_o__fseeki64_nolock
_o__fsopen
_o__fstat32
_o__fstat32i64
_o__fstat64
_o__fstat64i32
_o__ftell_nolock
_o__ftelli64
_o__ftelli64_nolock
_o__ftime32
_o__ftime32_s
_o__ftime64
_o__ftime64_s
_o__fullpath
_o__futime32
_o__futime64
_o__fwrite_nolock
_o__gcvt
_o__gcvt_s
_o__get_daylight
_o__get_doserrno
_o__get_dstbias
_o__get_errno
_o__get_fmode
_o__get_heap_handle
_o__get_initial_narrow_environment
_o__get_initial_wide_environment
_o__get_invalid_parameter_handler
_o__get_narrow_winmain_command_line
_o__get_osfhandle
_o__get_pgmptr
_o__get_stream_buffer_pointers
_o__get_terminate
_o__get_thread_local_invalid_parameter_handler
_o__get_timezone
_o__get_tzname
_o__get_wide_winmain_command_line
_o__get_wpgmptr
_o__getc_nolock
_o__getch
_o__getch_nolock
_o__getche
_o__getche_nolock
_o__getcwd
_o__getdcwd
_o__getdiskfree
_o__getdllprocaddr
_o__getdrive
_o__getdrives
_o__getmbcp
_o__getsystime
_o__getw
_o__getwc_nolock
_o__getwch
_o__getwch_nolock
_o__getwche
_o__getwche_nolock
_o__getws
_o__getws_s
_o__gmtime32
_o__gmtime32_s
_o__gmtime64
_o__gmtime64_s
_o__heapchk
_o__heapmin
_o__hypot
_o__hypotf
_o__i64toa
_o__i64toa_s
_o__i64tow
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__isatty
_o__isctype
_o__isctype_l
_o__isleadbyte_l
_o__ismbbalnum
_o__ismbbalnum_l
_o__ismbbalpha
_o__ismbbalpha_l
_o__ismbbblank
_o__ismbbblank_l
_o__ismbbgraph
_o__ismbbgraph_l
_o__ismbbkalnum
_o__ismbbkalnum_l
_o__ismbbkana
_o__ismbbkana_l
_o__ismbbkprint
_o__ismbbkprint_l
_o__ismbbkpunct
_o__ismbbkpunct_l
_o__ismbblead
_o__ismbblead_l
_o__ismbbprint
_o__ismbbprint_l
_o__ismbbpunct
_o__ismbbpunct_l
_o__ismbbtrail
_o__ismbbtrail_l
_o__ismbcalnum
_o__ismbcalnum_l
_o__ismbcalpha
_o__ismbcalpha_l
_o__ismbcblank
_o__ismbcblank_l
_o__ismbcdigit
_o__ismbcdigit_l
_o__ismbcgraph
_o__ismbcgraph_l
_o__ismbchira
_o__ismbchira_l
_o__ismbckata
_o__ismbckata_l
_o__ismbcl0
_o__ismbcl0_l
_o__ismbcl1
_o__ismbcl1_l
_o__ismbcl2
_o__ismbcl2_l
_o__ismbclegal
_o__ismbclegal_l
_o__ismbclower
_o__ismbclower_l
_o__ismbcprint
_o__ismbcprint_l
_o__ismbcpunct
_o__ismbcpunct_l
_o__ismbcspace
_o__ismbcspace_l
_o__ismbcsymbol
_o__ismbcsymbol_l
_o__ismbcupper
_o__ismbcupper_l
_o__ismbslead
_o__ismbslead_l
_o__ismbstrail
_o__ismbstrail_l
_o__iswctype_l
_o__itoa
_o__itoa_s
_o__itow
_o__itow_s
_o__j0
_o__j1
_o__jn
_o__kbhit
_o__ld_int
_o__ldclass
_o__ldexp
_o__ldlog
_o__ldpcomp
_o__ldpoly
_o__ldscale
_o__ldsign
_o__ldsin
_o__ldtest
_o__ldunscale
_o__lfind
_o__lfind_s
_o__libm_sse2_acos_precise
_o__libm_sse2_asin_precise
_o__libm_sse2_atan_precise
_o__libm_sse2_cos_precise
_o__libm_sse2_exp_precise
_o__libm_sse2_log10_precise
_o__libm_sse2_log_precise
_o__libm_sse2_pow_precise
_o__libm_sse2_sin_precise
_o__libm_sse2_sqrt_precise
_o__libm_sse2_tan_precise
_o__loaddll
_o__localtime32
_o__localtime32_s
_o__localtime64
_o__localtime64_s
_o__lock_file
_o__locking
_o__logb
_o__lsearch
_o__lsearch_s
_o__lseek
_o__lseeki64
_o__ltoa
_o__ltoa_s
_o__ltow
_o__ltow_s
_o__makepath
_o__makepath_s
_o__malloc_base
_o__mbbtombc
_o__mbbtombc_l
_o__mbbtype
_o__mbbtype_l
_o__mbccpy
_o__mbccpy_l
_o__mbccpy_s
_o__mbccpy_s_l
_o__mbcjistojms
_o__mbcjistojms_l
_o__mbcjmstojis
_o__mbcjmstojis_l
_o__mbclen
_o__mbclen_l
_o__mbctohira
_o__mbctohira_l
_o__mbctokata
_o__mbctokata_l
_o__mbctolower
_o__mbctolower_l
_o__mbctombb
_o__mbctombb_l
_o__mbctoupper
_o__mbctoupper_l

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-process-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:88:15:52:51:cf:17:37:7b:55:00:00:00:00:00:88
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:b3:3a:4f:3b:87:09:21:0f:75:cc:b8:8b:e4:e8:e6:ce:c3:97:5e:3e:40:2d:cf:6e:59:f1:45:3c:ef:26:bb
Signer

Actual PE Digest

6a:b3:3a:4f:3b:87:09:21:0f:75:cc:b8:8b:e4:e8:e6:ce:c3:97:5e:3e:40:2d:cf:6e:59:f1:45:3c:ef:26:bb

Digest Algorithm

sha256

PE Digest Matches

true

41:f6:95:9d:9e:0e:45:9d:16:55:6f:f8:34:72:25:df:61:65:e1:e8
Signer

Actual PE Digest

41:f6:95:9d:9e:0e:45:9d:16:55:6f:f8:34:72:25:df:61:65:e1:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-process-l1-1-0.pdb

Exports

Exports

_beep
_cwait
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_loaddll
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_unloaddll
_wexecl
_wexecle
_wexeclp
_wexeclpe
_wexecv
_wexecve
_wexecvp
_wexecvpe
_wspawnl
_wspawnle
_wspawnlp
_wspawnlpe
_wspawnv
_wspawnve
_wspawnvp
_wspawnvpe

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-runtime-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8d:40:3b:3c:2f:ad:c6:7b:b8:00:00:00:00:00:8d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

06/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:50:0f:eb:36:fe:d4:96:65:83:34:4b:e6:25:f0:27:52:0e:fc:fd:30:d9:e0:32:bf:58:23:79:ad:35:cb:54
Signer

Actual PE Digest

a1:50:0f:eb:36:fe:d4:96:65:83:34:4b:e6:25:f0:27:52:0e:fc:fd:30:d9:e0:32:bf:58:23:79:ad:35:cb:54

Digest Algorithm

sha256

PE Digest Matches

true

3a:65:5c:a4:45:13:03:9d:38:04:82:b5:76:d6:69:5d:86:c8:74:ea
Signer

Actual PE Digest

3a:65:5c:a4:45:13:03:9d:38:04:82:b5:76:d6:69:5d:86:c8:74:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-runtime-l1-1-0.pdb

Exports

Exports

_Exit
__control87_2
__doserrno
__fpe_flt_rounds
__fpecode
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__pgmptr
__p__wcmdln
__p__wpgmptr
__pxcptinfoptrs
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__wcserror
__wcserror_s
_assert
_beginthread
_beginthreadex
_c_exit
_cexit
_clearfp
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_crt_at_quick_exit
_crt_atexit
_crt_debugger_hook
_endthread
_endthreadex
_errno
_execute_onexit_table
_exit
_fpieee_flt
_fpreset
_get_doserrno
_get_errno
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_pgmptr
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_wide_winmain_command_line
_get_wpgmptr
_getdllprocaddr
_getpid
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_query_app_type
_register_onexit_function
_register_thread_local_exe_atexit_callback
_resetstkoflw
_seh_filter_dll
_seh_filter_exe
_set_abort_behavior
_set_app_type
_set_controlfp
_set_doserrno
_set_errno
_set_error_mode
_set_invalid_parameter_handler
_set_new_handler
_set_thread_local_invalid_parameter_handler
_seterrormode
_sleep
_statusfp
_statusfp2
_strerror
_strerror_s
_wassert
_wcserror
_wcserror_s
_wperror
_wsystem
abort
exit
feclearexcept
fegetenv
fegetexceptflag
fegetround
feholdexcept
fesetenv
fesetexceptflag
fesetround
fetestexcept
perror
quick_exit
raise
set_terminate
signal
strerror
strerror_s
system
terminate

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-stdio-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8c:ff:f2:e5:18:1e:16:21:22:00:00:00:00:00:8c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:15:4c:73:91:5d:7b:b4:ba:96:39:1a:93:47:1e:29:8d:5c:18:08:ee:0c:40:80:c5:a6:13:46:c7:e0:7c:d4
Signer

Actual PE Digest

c5:15:4c:73:91:5d:7b:b4:ba:96:39:1a:93:47:1e:29:8d:5c:18:08:ee:0c:40:80:c5:a6:13:46:c7:e0:7c:d4

Digest Algorithm

sha256

PE Digest Matches

true

4b:3f:52:44:c4:37:b1:28:12:08:06:07:b9:17:0e:2b:72:51:57:44
Signer

Actual PE Digest

4b:3f:52:44:c4:37:b1:28:12:08:06:07:b9:17:0e:2b:72:51:57:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-stdio-l1-1-0.pdb

Exports

Exports

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
_chsize
_chsize_s
_close
_commit
_creat
_dup
_dup2
_eof
_fclose_nolock
_fcloseall
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_flushall
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_ftell_nolock
_ftelli64
_ftelli64_nolock
_fwrite_nolock
_get_fmode
_get_osfhandle
_get_printf_count_output
_get_stream_buffer_pointers
_getc_nolock
_getcwd
_getdcwd
_getmaxstdio
_getw
_getwc_nolock
_getws
_getws_s
_isatty
_kbhit
_locking
_lseek
_lseeki64
_mktemp
_mktemp_s
_open
_open_osfhandle
_pclose
_pipe
_popen
_putc_nolock
_putw
_putwc_nolock
_putws
_read
_rmtmp
_set_fmode
_set_printf_count_output
_setmaxstdio
_setmode
_sopen
_sopen_dispatch
_sopen_s
_tell
_telli64
_tempnam
_ungetc_nolock
_ungetwc_nolock
_wcreat
_wfdopen
_wfopen
_wfopen_s
_wfreopen
_wfreopen_s
_wfsopen
_wmktemp
_wmktemp_s
_wopen
_wpopen
_write
_wsopen
_wsopen_dispatch
_wsopen_s
_wtempnam
_wtmpnam
_wtmpnam_s
clearerr
clearerr_s
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fgetwc
fgetws
fopen
fopen_s
fputc
fputs
fputwc
fputws
fread
fread_s
freopen
freopen_s
fseek
fsetpos
ftell
fwrite
getc
getchar
gets
gets_s
getwc
getwchar
putc
putchar
puts
putwc
putwchar
rewind
setbuf
setvbuf
tmpfile
tmpfile_s
tmpnam
tmpnam_s
ungetc
ungetwc

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-string-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8e:a8:19:d7:3f:36:8b:7a:40:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:e2:a8:3e:58:f6:9f:19:61:ec:d6:7c:63:b0:a3:42:80:c7:35:c5:38:6f:42:4c:f1:76:26:4a:bf:e7:63:ca
Signer

Actual PE Digest

79:e2:a8:3e:58:f6:9f:19:61:ec:d6:7c:63:b0:a3:42:80:c7:35:c5:38:6f:42:4c:f1:76:26:4a:bf:e7:63:ca

Digest Algorithm

sha256

PE Digest Matches

true

20:2f:5d:e8:9b:76:2d:69:7f:ef:96:02:b9:7f:23:12:1a:b0:ce:29
Signer

Actual PE Digest

20:2f:5d:e8:9b:76:2d:69:7f:ef:96:02:b9:7f:23:12:1a:b0:ce:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-string-l1-1-0.pdb

Exports

Exports

__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__strncnt
__wcsncnt
_isalnum_l
_isalpha_l
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_memccpy
_memicmp
_memicmp_l
_strcoll_l
_strdup
_stricmp
_stricmp_l
_stricoll
_stricoll_l
_strlwr
_strlwr_l
_strlwr_s
_strlwr_s_l
_strncoll
_strncoll_l
_strnicmp
_strnicmp_l
_strnicoll
_strnicoll_l
_strnset
_strnset_s
_strrev
_strset
_strset_s
_strupr
_strupr_l
_strupr_s
_strupr_s_l
_strxfrm_l
_tolower
_tolower_l
_toupper
_toupper_l
_towlower_l
_towupper_l
_wcscoll_l
_wcsdup
_wcsicmp
_wcsicmp_l
_wcsicoll
_wcsicoll_l
_wcslwr
_wcslwr_l
_wcslwr_s
_wcslwr_s_l
_wcsncoll
_wcsncoll_l
_wcsnicmp
_wcsnicmp_l
_wcsnicoll
_wcsnicoll_l
_wcsnset
_wcsnset_s
_wcsrev
_wcsset
_wcsset_s
_wcsupr
_wcsupr_l
_wcsupr_s
_wcsupr_s_l
_wcsxfrm_l
_wctype
is_wctype
isalnum
isalpha
isblank
iscntrl
isdigit
isgraph
isleadbyte
islower
isprint
ispunct
isspace
isupper
iswalnum
iswalpha
iswascii
iswblank
iswcntrl
iswctype
iswdigit
iswgraph
iswlower
iswprint
iswpunct
iswspace
iswupper
iswxdigit
isxdigit
mblen
mbrlen
memcpy_s
memmove_s
memset
strcat
strcat_s
strcmp
strcoll
strcpy
strcpy_s
strcspn
strlen
strncat
strncat_s
strncmp
strncpy
strncpy_s
strnlen
strpbrk
strspn
strtok
strtok_s
strxfrm
tolower
toupper
towctrans
towlower
towupper
wcscat
wcscat_s
wcscmp
wcscoll
wcscpy
wcscpy_s
wcscspn
wcslen
wcsncat
wcsncat_s
wcsncmp
wcsncpy
wcsncpy_s
wcsnlen
wcspbrk
wcsspn
wcstok
wcstok_s
wcsxfrm
wctype
wmemcpy_s
wmemmove_s

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-time-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:88:15:52:51:cf:17:37:7b:55:00:00:00:00:00:88
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:67:d4:d9:13:9d:eb:b8:56:db:26:60:5d:eb:6d:03:30:5e:56:d0:d0:20:11:db:07:0d:ef:6e:d7:fe:71:2f
Signer

Actual PE Digest

57:67:d4:d9:13:9d:eb:b8:56:db:26:60:5d:eb:6d:03:30:5e:56:d0:d0:20:11:db:07:0d:ef:6e:d7:fe:71:2f

Digest Algorithm

sha256

PE Digest Matches

true

62:50:f5:b8:1f:4c:fe:29:42:25:ec:db:f1:cf:00:07:14:0c:1f:dd
Signer

Actual PE Digest

62:50:f5:b8:1f:4c:fe:29:42:25:ec:db:f1:cf:00:07:14:0c:1f:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-time-l1-1-0.pdb

Exports

Exports

_Getdays
_Getmonths
_Gettnames
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__daylight
__dstbias
__timezone
__tzname
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_difftime32
_difftime64
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_futime32
_futime64
_get_daylight
_get_dstbias
_get_timezone
_get_tzname
_getsystime
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_localtime32
_localtime32_s
_localtime64
_localtime64_s
_mkgmtime32
_mkgmtime64
_mktime32
_mktime64
_setsystime
_strdate
_strdate_s
_strftime_l
_strtime
_strtime_s
_time32
_time64
_timespec32_get
_timespec64_get
_tzset
_utime32
_utime64
_wasctime
_wasctime_s
_wcsftime_l
_wctime32
_wctime32_s
_wctime64
_wctime64_s
_wstrdate
_wstrdate_s
_wstrtime
_wstrtime_s
_wutime32
_wutime64
asctime
asctime_s
clock
strftime
wcsftime

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/api-ms-win-crt-utility-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8c:ff:f2:e5:18:1e:16:21:22:00:00:00:00:00:8c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:05:ef:65:e5:0e:63:0e:6a:0f:fd:aa:ad:ef:11:de:1a:68:07:c7:58:c1:41:b0:9f:f6:5b:ef:a6:80:70:dd
Signer

Actual PE Digest

1b:05:ef:65:e5:0e:63:0e:6a:0f:fd:aa:ad:ef:11:de:1a:68:07:c7:58:c1:41:b0:9f:f6:5b:ef:a6:80:70:dd

Digest Algorithm

sha256

PE Digest Matches

true

f6:00:db:34:fb:29:84:a3:27:92:fb:ca:4e:d5:9d:9e:06:16:ff:6d
Signer

Actual PE Digest

f6:00:db:34:fb:29:84:a3:27:92:fb:ca:4e:d5:9d:9e:06:16:ff:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-utility-l1-1-0.pdb

Exports

Exports

_abs64
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_lfind
_lfind_s
_lrotl
_lrotr
_lsearch
_lsearch_s
_rotl
_rotl64
_rotr
_rotr64
_swab
abs
bsearch
bsearch_s
div
imaxabs
imaxdiv
labs
ldiv
llabs
lldiv
qsort
qsort_s
rand
rand_s
srand

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
styles/qwindowsvistastyle.dll
.dll windows:6 windows x64 arch:x64

6006470fe3311c5f7f65c47787351964

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:14:23:24:b3:74:55:38:23:8b:f8:3d:91:a0:1f:5f:6c:2b:8c:e7:de:5b:63:b1:16:14:f2:c8:46:8a:65:42
Signer

Actual PE Digest

d2:14:23:24:b3:74:55:38:23:8b:f8:3d:91:a0:1f:5f:6c:2b:8c:e7:de:5b:63:b1:16:14:f2:c8:46:8a:65:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

r:\tinderbox\win-qt-5.15\out\qtbase\plugins\styles\qwindowsvistastyle.pdb

Imports

qt5widgetsvbox

?qt_metacast@QWindowsStyle@@UEAAPEAXPEBD@Z
?staticMetaObject@QWindowsStyle@@2UQMetaObject@@B
?qt_metacall@QBlendStyleAnimation@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QBlendStyleAnimation@@UEAAPEAXPEBD@Z
?staticMetaObject@QBlendStyleAnimation@@2UQMetaObject@@B
?staticMetaObject@QLabel@@2UQMetaObject@@B
?staticMetaObject@QSpinBox@@2UQMetaObject@@B
?staticMetaObject@QHeaderView@@2UQMetaObject@@B
?staticMetaObject@QScrollBar@@2UQMetaObject@@B
?staticMetaObject@QComboBox@@2UQMetaObject@@B
?qt_metacall@QWindowsStyle@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?staticMetaObject@QAbstractButton@@2UQMetaObject@@B
?staticMetaObject@QRubberBand@@2UQMetaObject@@B
?staticMetaObject@QTabWidget@@2UQMetaObject@@B
?staticMetaObject@QTabBar@@2UQMetaObject@@B
?staticMetaObject@QSlider@@2UQMetaObject@@B
?staticMetaObject@QAbstractSpinBox@@2UQMetaObject@@B
?drawDial@QStyleHelper@@YAXPEBVQStyleOptionSlider@@PEAVQPainter@@@Z
?dpiScaled@QStyleHelper@@YANNN@Z
?dpi@QStyleHelper@@YANPEBVQStyleOption@@@Z
?getHWNDForWidget@QApplicationPrivate@@SAPEAUHWND__@@PEBVQWidget@@@Z
?staticMetaObject@QToolButton@@2UQMetaObject@@B
?globalStrut@QApplication@@SA?AVQSize@@XZ
?isDarkMode@QWindowsStylePrivate@@SA_NXZ
??1QStyleOptionToolButton@@QEAA@XZ
??0QStyleOptionToolButton@@QEAA@AEBV0@@Z
??1QStyleOptionTab@@QEAA@XZ
??0QStyleOptionTab@@QEAA@XZ
??0QStyleOptionButton@@QEAA@XZ
??0QStyleOptionTabWidgetFrame@@QEAA@AEBV0@@Z
?documentMode@QTabWidget@@QEBA_NXZ
?testAttribute_helper@QWidget@@AEBA_NW4WidgetAttribute@Qt@@@Z
?backingStore@QWidget@@QEBAPEAVQBackingStore@@XZ
?windowType@QWidget@@QEBA?AW4WindowType@Qt@@XZ
?parentWidget@QWidget@@QEBAPEAV1@XZ
?setWindowOpacity@QWidget@@QEAAXN@Z
?palette@QWidget@@QEBAAEBVQPalette@@XZ
?nativeParentWidget@QWidget@@QEBAPEAV1@XZ
?window@QWidget@@QEBAPEAV1@XZ
?rect@QWidget@@QEBA?AVQRect@@XZ
?isEnabled@QWidget@@QEBA_NXZ
?isWindow@QWidget@@QEBA_NXZ
?isTopLevel@QWidget@@QEBA_NXZ
??0QWindowsStyle@@IEAA@AEAVQWindowsStylePrivate@@@Z
?styleHint@QWindowsStyle@@UEBAHW4StyleHint@QStyle@@PEBVQStyleOption@@PEBVQWidget@@PEAVQStyleHintReturn@@@Z
?unpolish@QWindowsStyle@@UEAAXPEAVQWidget@@@Z
?polish@QWindowsStyle@@UEAAXPEAVQWidget@@@Z
?unpolish@QWindowsStyle@@UEAAXPEAVQApplication@@@Z
?polish@QWindowsStyle@@UEAAXPEAVQApplication@@@Z
??1QWindowsStyle@@UEAA@XZ
?sliderPositionFromValue@QStyle@@SAHHHHH_N@Z
?standardPalette@QStyle@@UEBA?AVQPalette@@XZ
?staticMetaObject@QCommandLinkButton@@2UQMetaObject@@B
?staticMetaObject@QTableView@@2UQMetaObject@@B
?staticMetaObject@QInputDialog@@2UQMetaObject@@B
?staticMetaObject@QDialogButtonBox@@2UQMetaObject@@B
?staticMetaObject@QMessageBox@@2UQMetaObject@@B
?staticMetaObject@QTreeView@@2UQMetaObject@@B
?staticMetaObject@QListView@@2UQMetaObject@@B
?staticMetaObject@QAbstractItemView@@2UQMetaObject@@B
?staticMetaObject@QDockWidget@@2UQMetaObject@@B
?staticMetaObject@QGroupBox@@2UQMetaObject@@B
?staticMetaObject@QLineEdit@@2UQMetaObject@@B
?staticMetaObject@QProgressStyleAnimation@@2UQMetaObject@@B
?updateCurrentTime@QStyleAnimation@@MEAAXH@Z
?updateCurrentTime@QBlendStyleAnimation@@MEAAXH@Z
?tabLayout@QCommonStylePrivate@@UEBAXPEBVQStyleOptionTab@@PEBVQWidget@@PEAVQRect@@2@Z
?qt_metacast@QProgressStyleAnimation@@UEAAPEAXPEBD@Z
?qt_metacall@QProgressStyleAnimation@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@QProgressStyleAnimation@@UEBAPEBUQMetaObject@@XZ
?layoutSpacing@QCommonStyle@@UEBAHW4ControlType@QSizePolicy@@0W4Orientation@Qt@@PEBVQStyleOption@@PEBVQWidget@@@Z
?itemTextRect@QStyle@@UEBA?AVQRect@@AEBVQFontMetrics@@AEBV2@H_NAEBVQString@@@Z
?itemPixmapRect@QStyle@@UEBA?AVQRect@@AEBV2@HAEBVQPixmap@@@Z
?isUpdateNeeded@QProgressStyleAnimation@@MEBA_NXZ
?generatedIconPixmap@QCommonStyle@@UEBA?AVQPixmap@@W4Mode@QIcon@@AEBV2@PEBVQStyleOption@@@Z
?eventFilter@QWindowsStyle@@MEAA_NPEAVQObject@@PEAVQEvent@@@Z
?duration@QStyleAnimation@@UEBAHXZ
?drawItemText@QStyle@@UEBAXPEAVQPainter@@AEBVQRect@@HAEBVQPalette@@_NAEBVQString@@W4ColorRole@4@@Z
?drawItemPixmap@QStyle@@UEBAXPEAVQPainter@@AEBVQRect@@HAEBVQPixmap@@@Z
?hasAncestor@QStyleHelper@@YA_NPEAVQObject@@W4Role@QAccessible@@@Z
?isInstanceOf@QStyleHelper@@YA_NPEAVQObject@@W4Role@QAccessible@@@Z
?dpiScaled@QStyleHelper@@YANNPEBVQStyleOption@@@Z
?selectionBehavior@QAbstractItemView@@QEBA?AW4SelectionBehavior@1@XZ
?selectionMode@QAbstractItemView@@QEBA?AW4SelectionMode@1@XZ
?viewport@QAbstractScrollArea@@QEBAPEAVQWidget@@XZ
?isFloating@QDockWidget@@QEBA_NXZ
?windowIcon@QApplication@@SA?AVQIcon@@XZ
?font@QApplication@@SA?AVQFont@@PEBD@Z
??1QWindowsStylePrivate@@UEAA@XZ
?nativeMetricScaleFactor@QWindowsStylePrivate@@SANPEBVQWidget@@@Z
??0QWindowsStylePrivate@@QEAA@XZ
?stopAnimation@QCommonStylePrivate@@QEBAXPEBVQObject@@@Z
?startAnimation@QCommonStylePrivate@@QEBAXPEAVQStyleAnimation@@@Z
?animation@QCommonStylePrivate@@QEBAPEAVQStyleAnimation@@PEBVQObject@@@Z
??1QStyleOptionGroupBox@@QEAA@XZ
??0QStyleOptionGroupBox@@QEAA@AEBV0@@Z
??1QStyleOptionComboBox@@QEAA@XZ
??0QStyleOptionComboBox@@QEAA@AEBV0@@Z
??0QStyleOptionSpinBox@@QEAA@AEBV0@@Z
??4QStyleOptionSlider@@QEAAAEAV0@AEBV0@@Z
??0QStyleOptionComplex@@QEAA@HH@Z
??1QStyleOptionViewItem@@QEAA@XZ
??0QStyleOptionViewItem@@QEAA@AEBV0@@Z
??1QStyleOptionMenuItem@@QEAA@XZ
??0QStyleOptionMenuItem@@QEAA@AEBV0@@Z
??0QStyleOptionToolBar@@QEAA@AEBV0@@Z
??1QStyleOptionButton@@QEAA@XZ
??0QStyleOptionButton@@QEAA@AEBV0@@Z
??0QStyleOptionFocusRect@@QEAA@XZ
??4QStyleOption@@QEAAAEAV0@AEBV0@@Z
??1QStyleOption@@QEAA@XZ
??0QStyleOption@@QEAA@AEBV0@@Z
?setAttribute@QWidget@@QEAAXW4WidgetAttribute@Qt@@_N@Z
?setContentsMargins@QWidget@@QEAAXHHHH@Z
?isActiveWindow@QWidget@@QEBA_NXZ
?windowIcon@QWidget@@QEBA?AVQIcon@@XZ
?setFont@QWidget@@QEAAXAEBVQFont@@@Z
?setPalette@QWidget@@QEAAXAEBVQPalette@@@Z
??1QBlendStyleAnimation@@UEAA@XZ
?currentImage@QBlendStyleAnimation@@QEBA?AVQImage@@XZ
?setEndImage@QBlendStyleAnimation@@QEAAXAEBVQImage@@@Z
?setStartImage@QBlendStyleAnimation@@QEAAXAEBVQImage@@@Z
??0QBlendStyleAnimation@@QEAA@W4Type@0@PEAVQObject@@@Z
??0QProgressStyleAnimation@@QEAA@HPEAVQObject@@@Z
?setStartTime@QStyleAnimation@@QEAAXAEBVQTime@@@Z
?startTime@QStyleAnimation@@QEBA?AVQTime@@XZ
?setDuration@QStyleAnimation@@QEAAXH@Z
??1QStyleAnimation@@UEAA@XZ
?standardIcon@QWindowsStyle@@UEBA?AVQIcon@@W4StandardPixmap@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z
?standardPixmap@QWindowsStyle@@UEBA?AVQPixmap@@W4StandardPixmap@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z
?pixelMetric@QWindowsStyle@@UEBAHW4PixelMetric@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z
?sizeFromContents@QWindowsStyle@@UEBA?AVQSize@@W4ContentsType@QStyle@@PEBVQStyleOption@@AEBV2@PEBVQWidget@@@Z
?drawComplexControl@QWindowsStyle@@UEBAXW4ComplexControl@QStyle@@PEBVQStyleOptionComplex@@PEAVQPainter@@PEBVQWidget@@@Z
?subElementRect@QWindowsStyle@@UEBA?AVQRect@@W4SubElement@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z
?drawControl@QWindowsStyle@@UEBAXW4ControlElement@QStyle@@PEBVQStyleOption@@PEAVQPainter@@PEBVQWidget@@@Z
?drawPrimitive@QWindowsStyle@@UEBAXW4PrimitiveElement@QStyle@@PEBVQStyleOption@@PEAVQPainter@@PEBVQWidget@@@Z
?polish@QWindowsStyle@@UEAAXAEAVQPalette@@@Z
?subControlRect@QCommonStyle@@UEBA?AVQRect@@W4ComplexControl@QStyle@@PEBVQStyleOptionComplex@@W4SubControl@4@PEBVQWidget@@@Z
?hitTestComplexControl@QCommonStyle@@UEBA?AW4SubControl@QStyle@@W4ComplexControl@3@PEBVQStyleOptionComplex@@AEBVQPoint@@PEBVQWidget@@@Z
?subElementRect@QCommonStyle@@UEBA?AVQRect@@W4SubElement@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z
?drawControl@QCommonStyle@@UEBAXW4ControlElement@QStyle@@PEBVQStyleOption@@PEAVQPainter@@PEBVQWidget@@@Z
?proxy@QStyle@@QEBAPEBV1@XZ
?visualPos@QStyle@@SA?AVQPoint@@W4LayoutDirection@Qt@@AEBVQRect@@AEBV2@@Z
?visualRect@QStyle@@SA?AVQRect@@W4LayoutDirection@Qt@@AEBV2@1@Z
??1QStylePlugin@@UEAA@XZ
??0QStylePlugin@@QEAA@PEAVQObject@@@Z
?qt_metacall@QStylePlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QStylePlugin@@UEAAPEAXPEBD@Z
?staticMetaObject@QStylePlugin@@2UQMetaObject@@B

qt5guivbox

?paintDevice@QBackingStore@@QEAAPEAVQPaintDevice@@XZ
?handle@QWindow@@QEBAPEAVQPlatformWindow@@XZ
?type@QWindow@@QEBA?AW4WindowType@Qt@@XZ
?isTopLevel@QWindow@@QEBA_NXZ
?winId@QWindow@@QEBA_KXZ
?systemClip@QPaintEngine@@QEBA?AVQRegion@@XZ
?paintDevice@QPaintEngine@@QEBAPEAVQPaintDevice@@XZ
?paintEngine@QPainter@@QEBAPEAVQPaintEngine@@XZ
?eraseRect@QPainter@@QEAAXAEBVQRectF@@@Z
?drawImage@QPainter@@QEAAXAEBVQRectF@@AEBVQImage@@0V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?size@QBackingStore@@QEBA?AVQSize@@XZ
?drawPoints@QPainter@@QEAAXPEBVQPoint@@H@Z
?translate@QPainter@@QEAAXAEBVQPoint@@@Z
?deviceTransform@QPainter@@QEBAAEBVQTransform@@XZ
?hasClipping@QPainter@@QEBA_NXZ
?setClipping@QPainter@@QEAAX_N@Z
?clipRegion@QPainter@@QEBA?AVQRegion@@XZ
?opacity@QPainter@@QEBANXZ
?setBackground@QPainter@@QEAAXAEBVQBrush@@@Z
?setBrush@QPainter@@QEAAXW4BrushStyle@Qt@@@Z
?font@QPainter@@QEBAAEBVQFont@@XZ
?drawRects@QPainter@@QEAAXPEBVQRectF@@H@Z
?devicePixelRatioF@QPaintDevice@@QEBANXZ
??0QColor@@QEAA@W4GlobalColor@Qt@@@Z
??0QColor@@QEAA@HHHH@Z
??0QColor@@QEAA@I@Z
?rgba@QColor@@QEBAIXZ
?fromRgb@QColor@@SA?AV1@I@Z
?darker@QColor@@QEBA?AV1@H@Z
??9QColor@@QEBA_NAEBV0@@Z
??0QRegion@@QEAA@AEBVQRect@@W4RegionType@0@@Z
??1QRegion@@QEAA@XZ
??4QRegion@@QEAAAEAV0@$$QEAV0@@Z
??ZQRegion@@QEAAAEAV0@AEBV0@@Z
??_6QRegion@@QEAAAEAV0@AEBV0@@Z
??0QImage@@QEAA@AEBVQSize@@W4Format@0@@Z
??1QImage@@UEAA@XZ
?width@QImage@@QEBAHXZ
?height@QImage@@QEBAHXZ
?rect@QImage@@QEBA?AVQRect@@XZ
?setDevicePixelRatio@QImage@@QEAAXN@Z
?fill@QImage@@QEAAXI@Z
?fill@QImage@@QEAAXW4GlobalColor@Qt@@@Z
??0QPixmap@@QEAA@XZ
??0QPixmap@@QEAA@AEBVQSize@@@Z
??1QPixmap@@UEAA@XZ
??4QPixmap@@QEAAAEAV0@$$QEAV0@@Z
?isNull@QPixmap@@QEBA_NXZ
?width@QPixmap@@QEBAHXZ
?height@QPixmap@@QEBAHXZ
?fill@QPixmap@@QEAAXAEBVQColor@@@Z
?devicePixelRatio@QPixmap@@QEBANXZ
?fromImage@QPixmap@@SA?AV1@AEBVQImage@@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
??0QIcon@@QEAA@XZ
??1QIcon@@QEAA@XZ
?pixmap@QIcon@@QEBA?AVQPixmap@@AEBVQSize@@W4Mode@1@W4State@1@@Z
?actualSize@QIcon@@QEBA?AVQSize@@AEBV2@W4Mode@1@W4State@1@@Z
?isNull@QIcon@@QEBA_NXZ
?cacheKey@QIcon@@QEBA_JXZ
?addPixmap@QIcon@@QEAAXAEBVQPixmap@@W4Mode@1@W4State@1@@Z
??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z
??0QBrush@@QEAA@AEBV0@@Z
??0QBrush@@QEAA@AEBVQGradient@@@Z
??1QBrush@@QEAA@XZ
??4QBrush@@QEAAAEAV0@$$QEAV0@@Z
?style@QBrush@@QEBA?AW4BrushStyle@Qt@@XZ
?color@QBrush@@QEBAAEBVQColor@@XZ
?setColorAt@QGradient@@QEAAXNAEBVQColor@@@Z
??0QLinearGradient@@QEAA@NNNN@Z
??1QLinearGradient@@QEAA@XZ
??0QPalette@@QEAA@XZ
??0QPalette@@QEAA@AEBV0@@Z
??1QPalette@@QEAA@XZ
??4QPalette@@QEAAAEAV0@AEBV0@@Z
?color@QPalette@@QEBAAEBVQColor@@W4ColorGroup@1@W4ColorRole@1@@Z
?brush@QPalette@@QEBAAEBVQBrush@@W4ColorGroup@1@W4ColorRole@1@@Z
?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z
?color@QPalette@@QEBAAEBVQColor@@W4ColorRole@1@@Z
?devicePixelRatio@QGuiApplication@@QEBANXZ
??0QFont@@QEAA@AEBV0@@Z
??1QFont@@QEAA@XZ
?family@QFont@@QEBA?AVQString@@XZ
?setFamily@QFont@@QEAAXAEBVQString@@@Z
?setWeight@QFont@@QEAAXH@Z
??1QFontMetrics@@QEAA@XZ
?elidedText@QFontMetrics@@QEBA?AVQString@@AEBV2@W4TextElideMode@Qt@@HH@Z
??0QPen@@QEAA@AEBVQBrush@@NW4PenStyle@Qt@@W4PenCapStyle@3@W4PenJoinStyle@3@@Z
??0QPen@@QEAA@AEBV0@@Z
??1QPen@@QEAA@XZ
??0QPainter@@QEAA@PEAVQPaintDevice@@@Z
??1QPainter@@QEAA@XZ
?end@QPainter@@QEAA_NXZ
?setCompositionMode@QPainter@@QEAAXW4CompositionMode@1@@Z
?setFont@QPainter@@QEAAXAEBVQFont@@@Z
?fontMetrics@QPainter@@QEBA?AVQFontMetrics@@XZ
?setPen@QPainter@@QEAAXAEBVQColor@@@Z
?setPen@QPainter@@QEAAXAEBVQPen@@@Z
?pen@QPainter@@QEBAAEBVQPen@@XZ
?setBrush@QPainter@@QEAAXAEBVQBrush@@@Z
?brushOrigin@QPainter@@QEBA?AVQPoint@@XZ
?setBrushOrigin@QPainter@@QEAAXAEBVQPointF@@@Z
?setClipRect@QPainter@@QEAAXAEBVQRect@@W4ClipOperation@Qt@@@Z
?setClipRegion@QPainter@@QEAAXAEBVQRegion@@W4ClipOperation@Qt@@@Z
?save@QPainter@@QEAAXXZ
?restore@QPainter@@QEAAXXZ
?rotate@QPainter@@QEAAXN@Z
?translate@QPainter@@QEAAXAEBVQPointF@@@Z
?drawLines@QPainter@@QEAAXPEBVQLine@@H@Z
?drawRects@QPainter@@QEAAXPEBVQRect@@H@Z
?drawPixmap@QPainter@@QEAAXAEBVQRectF@@AEBVQPixmap@@0@Z
?drawPixmap@QPainter@@QEAAXAEBVQPointF@@AEBVQPixmap@@@Z
?drawPixmap@QPainter@@QEAAXAEBVQRect@@AEBVQPixmap@@@Z
?drawImage@QPainter@@QEAAXAEBVQRect@@AEBVQImage@@@Z
?drawText@QPainter@@QEAAXAEBVQRect@@HAEBVQString@@PEAV2@@Z
?fillRect@QPainter@@QEAAXAEBVQRect@@AEBVQBrush@@@Z
?find@QPixmapCache@@SA_NAEBVQString@@PEAVQPixmap@@@Z
?insert@QPixmapCache@@SA_NAEBVQString@@AEBVQPixmap@@@Z
?isActive@QPainter@@QEBA_NXZ
?green@QColor@@QEBAHXZ
?blue@QColor@@QEBAHXZ
??0QRegion@@QEAA@XZ
??0QRegion@@QEAA@AEBV0@@Z
??0QRegion@@QEAA@$$QEAV0@@Z
??4QRegion@@QEAAAEAV0@AEBV0@@Z
?isEmpty@QRegion@@QEBA_NXZ
?begin@QRegion@@QEBAPEBVQRect@@XZ
?end@QRegion@@QEBAPEBVQRect@@XZ
?translated@QRegion@@QEBA?AV1@HH@Z
?boundingRect@QRegion@@QEBA?AVQRect@@XZ
?rectCount@QRegion@@QEBAHXZ
??HQRegion@@QEBA?BV0@AEBVQRect@@@Z
??_5QRegion@@QEAAAEAV0@AEBV0@@Z
??YQRegion@@QEAAAEAV0@AEBVQRect@@@Z
??_4QRegion@@QEAAAEAV0@AEBV0@@Z
??_4QRegion@@QEAAAEAV0@AEBVQRect@@@Z
??0QTransform@@QEAA@XZ
?type@QTransform@@QEBA?AW4TransformationType@1@XZ
?rotate@QTransform@@QEAAAEAV1@NW4Axis@Qt@@@Z
??0QImage@@QEAA@XZ
??0QImage@@QEAA@PEAEHHW4Format@0@P6AXPEAX@Z2@Z
??4QImage@@QEAAAEAV0@$$QEAV0@@Z
?copy@QImage@@QEBA?AV1@AEBVQRect@@@Z
?scaled@QImage@@QEBA?AV1@AEBVQSize@@W4AspectRatioMode@Qt@@W4TransformationMode@4@@Z
?transformed@QImage@@QEBA?AV1@AEBVQTransform@@W4TransformationMode@Qt@@@Z
?mirrored_helper@QImage@@IEBA?AV1@_N0@Z
??0QPixmap@@QEAA@AEBV0@@Z
?toImage@QPixmap@@QEBA?AVQImage@@XZ
?copy@QPixmap@@QEBA?AV1@AEBVQRect@@@Z
??0QIcon@@QEAA@AEBVQPixmap@@@Z
??0QIcon@@QEAA@AEBV0@@Z
?paint@QIcon@@QEBAXPEAVQPainter@@AEBVQRect@@V?$QFlags@W4AlignmentFlag@Qt@@@@W4Mode@1@W4State@1@@Z
?allWindows@QGuiApplication@@SA?AV?$QList@PEAVQWindow@@@@XZ
?platformNativeInterface@QGuiApplication@@SAPEAVQPlatformNativeInterface@@XZ
?device@QPainter@@QEBAPEAVQPaintDevice@@XZ
?red@QColor@@QEBAHXZ

qt5corevbox

?rehash@QHashData@@QEAAXH@Z
?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z
?allocateNode@QHashData@@QEAAPEAXH@Z
?toRect@QRectF@@QEBA?AVQRect@@XZ
?translated@QRectF@@QEBA?AV1@AEBVQPointF@@@Z
??0QRectF@@QEAA@AEBVQPointF@@AEBVQSizeF@@@Z
?translated@QRect@@QEBA?AV1@HH@Z
?dispose@QListData@@SAXPEAUData@1@@Z
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericReturnArgument@@VQGenericArgument@@444444444@Z
?toPoint@QPointF@@QEBA?AVQPoint@@XZ
?number@QString@@SA?AV1@NDH@Z
?number@QString@@SA?AV1@HH@Z
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z
?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
?append@QString@@QEAAAEAV1@VQChar@@@Z
??0QString@@QEAA@$$QEAV0@@Z
??0QString@@QEAA@XZ
?constData@QByteArray@@QEBAPEBDXZ
??1QByteArray@@QEAA@XZ
?qErrnoWarning@@YAXPEBDZZ
?warning@QMessageLogger@@QEBAXPEBDZZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?shared_null@QHashData@@2U1@B
?compare@QString@@QEBAHVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?updateState@QAbstractAnimation@@MEAAXW4State@1@0@Z
?updateDirection@QAbstractAnimation@@MEAAXW4Direction@1@@Z
?event@QAbstractAnimation@@MEAA_NPEAVQEvent@@@Z
?currentTime@QTime@@SA?AV1@XZ
?msecsTo@QTime@@QEBAHAEBV1@@Z
?instance@QCoreApplication@@SAPEAV1@XZ
?toRect@QVariant@@QEBA?AVQRect@@XZ
?toBool@QVariant@@QEBA_NXZ
?toInt@QVariant@@QEBAHPEA_N@Z
??0QVariant@@QEAA@AEBVQRect@@@Z
??0QVariant@@QEAA@_N@Z
??0QVariant@@QEAA@H@Z
??1QVariant@@QEAA@XZ
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z
??0QRectF@@QEAA@AEBVQRect@@@Z
??UQRect@@QEBA?AV0@AEBV0@@Z
?size@QRect@@QEBA?AVQSize@@XZ
?adjusted@QRect@@QEBA?AV1@HHHH@Z
?transposed@QRect@@QEBA?AV1@XZ
?moveCenter@QRect@@QEAAXAEBVQPoint@@@Z
?center@QRect@@QEBA?AVQPoint@@XZ
??0QRect@@QEAA@AEBVQPoint@@AEBVQSize@@@Z
??0QRect@@QEAA@AEBVQPoint@@0@Z
?toSize@QSizeF@@QEBA?AVQSize@@XZ
?inherits@QObject@@QEBA_NPEBD@Z
?property@QObject@@QEBA?AVQVariant@@PEBD@Z
?setProperty@QObject@@QEAA_NPEBDAEBVQVariant@@@Z
?qt_qFindChild_helper@@YAPEAVQObject@@PEBV1@AEBVQString@@AEBUQMetaObject@@V?$QFlags@W4FindChildOption@Qt@@@@@Z
?cast@QMetaObject@@QEBAPEBVQObject@@PEBV2@@Z
?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z
?fromLatin1@QString@@SA?AV1@PEBDH@Z
?mid@QString@@QEBA?AV1@HH@Z
?left@QString@@QEBA?AV1@H@Z
?indexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
?arg@QString@@QEBA?AV1@HHHVQChar@@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??1QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
??0QString@@QEAA@VQLatin1String@@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?compare@QOperatingSystemVersion@@CAHAEBV1@0@Z
?current@QOperatingSystemVersion@@SA?AV1@XZ
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?Windows8@QOperatingSystemVersion@@2V1@B

uxtheme

GetCurrentThemeName
IsAppThemed
IsThemeActive
SetWindowTheme
OpenThemeData
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
CloseThemeData
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
GetThemeBool

user32

GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics

gdi32

GetRegionData
CreateCompatibleDC
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
CombineRgn
DeleteObject
DeleteDC
CreateRectRgn

kernel32

lstrcmpW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

vcruntime140

wcsrchr
memcpy
memset
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_dll
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_initialize_onexit_table

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcredist2015_2017_2019_2022_x64.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:6a:d1:8f:ba:07:71:a5:ec:f5:69:52:a1:7d:d5:39:3f:75:0e:a0:5f:29:5c:1e:e7:1e:d4:4b:3b:68:53:fe
Signer

Actual PE Digest

ad:6a:d1:8f:ba:07:71:a5:ec:f5:69:52:a1:7d:d5:39:3f:75:0e:a0:5f:29:5c:1e:e7:1e:d4:4b:3b:68:53:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcredist2015_2017_2019_2022_x86.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:5c:d4:22:f5:74:09:03:cd:1b:9a:6d:39:b1:35:ed:bd:89:e8:11:53:95:bf:00:ab:81:6b:93:f4:32:13:91
Signer

Actual PE Digest

cc:5c:d4:22:f5:74:09:03:cd:1b:9a:6d:39:b1:35:ed:bd:89:e8:11:53:95:bf:00:ab:81:6b:93:f4:32:13:91

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: soft

Password: soft

1c96f2efe71023f5ad261708250613e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

d3d9

gdiplus

dxgi

bcrypt

ws2_32

normaliz

crypt32

wldap32

Sections

.text Size: 853KB - Virtual size: 852KB

.rdata Size: 222KB - Virtual size: 222KB

.data Size: 5.2MB - Virtual size: 5.3MB

.pdata Size: 33KB - Virtual size: 32KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 5KB - Virtual size: 4KB

Password: soft

1851ff453adce0cef5274e320d5bed3c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: soft

Code Sign

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8bCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:efCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

54:e4:c9:61:9c:84:5c:b4:62:6a:0e:25:2c:db:a7:f8:ca:50:eb:ad:d5:c9:8f:e2:34:e9:25:72:67:6c:a2:d3Signer

9e:4d:cb:b3:85:ee:4a:a9:0d:81:b3:9c:a8:49:fd:92:a3:3a:2a:11Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1016B

Password: soft

.text
Size: 853KB - Virtual size: 852KB

.rdata
Size: 222KB - Virtual size: 222KB

.data
Size: 5.2MB - Virtual size: 5.3MB

.pdata
Size: 33KB - Virtual size: 32KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

54:e4:c9:61:9c:84:5c:b4:62:6a:0e:25:2c:db:a7:f8:ca:50:eb:ad:d5:c9:8f:e2:34:e9:25:72:67:6c:a2:d3
Signer

9e:4d:cb:b3:85:ee:4a:a9:0d:81:b3:9c:a8:49:fd:92:a3:3a:2a:11
Signer

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1016B

33:00:00:00:8b:4c:06:71:0c:20:2c:df:3b:00:00:00:00:00:8b
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

93:9d:1c:fb:5b:32:f9:be:d8:42:dc:25:a6:5d:64:62:62:ad:2f:57:7f:d5:53:ca:1c:97:be:b4:2d:73:10:db
Signer

ba:cc:fd:99:68:c3:e4:fd:b5:1d:1f:9a:da:d5:f7:2c:64:bf:36:ec
Signer

.text
Size: 1024B - Virtual size: 544B

.rsrc
Size: 1024B - Virtual size: 1016B

33:00:00:00:8c:ff:f2:e5:18:1e:16:21:22:00:00:00:00:00:8c
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

be:1a:42:9c:e7:75:10:38:7e:63:dc:a8:91:40:08:23:10:62:8d:c3:8a:58:0e:42:ad:7f:25:51:2f:0c:11:89
Signer

20:0c:44:dd:ab:64:b5:78:36:1f:ad:7d:69:a9:62:0c:26:fb:d8:b8
Signer

.text
Size: 1024B - Virtual size: 555B

.rsrc
Size: 1024B - Virtual size: 1016B

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate