Sandboxie-Classic-x64-v5[.]61[.]2[.]exe

Resubmissions

18/09/2024, 19:59

240918-yqdvea1dpp 7

18/09/2024, 19:55

240918-ynl31a1cqm 7

Sharing

Copy URL Twitter E-mail

General

Target

Sandboxie-Classic-x64-v5.61.2.exe
Size

2.7MB
MD5

0918ebfcf58bd3a5823e88832e57cfc6
SHA1

2bf27edb06d4edd601c565a1b234090676f5e345
SHA256

d0b37d3762e7f7c19d8b5f46112dd5c1c8f51adbcece54b41ad2de1a82ecfbe0
SHA512

f77d2a491dd6e6b83b3c834235bff77b5f13c4bb426a9b51c43109eceb63ba87e7895461caa089341ecdb1ba8c7a031327bcc89ff50dec058fd45d553105706e
SSDEEP

49152:UNeeCLwZsjXFnzpKlhckLlf1LlQSSN5GnvGa4Ay7s6jrlg7MDMIO3X4v/fsjvYzy:ObZsj1nzpKFLldRk1jrlqMq4vMjlL

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

Sandboxie-Classic-x64-v5.61.2.exe
.exe windows:4 windows x86 arch:x86

ab6770b0a8635b9d92a5838920cfe770

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:b3:e0:e7:93:81:bb:19:43:64:23:2a:8e:72:47:a7:b9:1c:40:81:b4:a2:d2:69:4c:58:68:6b:12:fb:98:86
Signer

Actual PE Digest

4b:b3:e0:e7:93:81:bb:19:43:64:23:2a:8e:72:47:a7:b9:1c:40:81:b4:a2:d2:69:4c:58:68:6b:12:fb:98:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
CreateDirectoryA
lstrcmpiA
GetTempPathA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
ExitProcess
GetWindowsDirectoryA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
MultiByteToWideChar
SetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
LoadCursorA
GetClientRect
SetWindowRgn
LoadIconA
GetWindowLongA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
EnableMenuItem
DrawTextA
GetSystemMenu
OpenClipboard
LoadImageA

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:6 windows x64 arch:x64

cfef260b9644428cd41ee0aea32d903e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:1b:60:8d:4c:2d:28:49:3a:68:de:6a:47:7a:7d:51:f8:98:7a:08:84:14:23:c3:62:ac:7c:01:d7:1e:4d:f7
Signer

Actual PE Digest

7f:1b:60:8d:4c:2d:28:49:3a:68:de:6a:47:7a:7d:51:f8:98:7a:08:84:14:23:c3:62:ac:7c:01:d7:1e:4d:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\KmdUtil.pdb

Imports

ntdll

NtUnloadDriver
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

sbiedll

SbieApi_GetVersion
SbieApi_QueryConf
SbieApi_IsBoxEnabled
Sbie_snwprintf
SbieApi_Call
SbieApi_Ioctl

kernel32

InitializeSListHead
GetCommandLineW
GetLastError
SetLastError
Sleep
GetModuleFileNameW
LoadLibraryW
LocalAlloc
LocalFree
FormatMessageW
CloseHandle
GetCurrentProcess
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
ExitProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
FindClose
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
RaiseException
CreateFileW
WriteConsoleW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
FlsAlloc
GetModuleHandleExW

user32

RegisterClassW
DefWindowProcW
PostMessageW
SystemParametersInfoW
DispatchMessageW
GetMessageW
MessageBoxW
LoadIconW
CreateWindowExW
LoadCursorW
GetWindow
GetParent
GetDesktopWindow
GetWindowLongW
GetWindowRect
GetFocus
SetFocus
ShowWindow
DestroyWindow
SendMessageW

gdi32

CreateFontIndirectW
GetStockObject

advapi32

DeleteService
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
OpenSCManagerW
ControlService
CreateServiceW
StartServiceW
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenServiceW

shell32

CommandLineToArgvW

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

4e5f0ae8071ae04cdb537283701198ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
GetModuleHandleA
lstrcpynA
lstrcmpA
MulDiv
GlobalAlloc
lstrlenA
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieDll.dll
.dll windows:6 windows x64 arch:x64

facf04f3f66aaf37837a8f063396e979

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:8e:62:1c:d5:2e:ac:5a:67:ca:6d:02:4f:70:5c:f6:dd:d4:7a:63:66:de:69:91:e5:42:bc:71:65:cc:a4:73
Signer

Actual PE Digest

3a:8e:62:1c:d5:2e:ac:5a:67:ca:6d:02:4f:70:5c:f6:dd:d4:7a:63:66:de:69:91:e5:42:bc:71:65:cc:a4:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieDll.pdb

Imports

ntdll

NtSetInformationJobObject
NtAssignProcessToJobObject
NtReadVirtualMemory
NtOpenJobObject
NtCreateJobObject
NtUnmapViewOfSection
NtMapViewOfSection
RtlEqualSid
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
NtAdjustPrivilegesToken
NtFilterToken
NtDuplicateObject
NtSetInformationToken
NtOpenThread
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
RtlNtStatusToDosError
NtProtectVirtualMemory
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey2
NtLoadKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtCreateSymbolicLinkObject
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
RtlUnicodeStringToAnsiString
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
NtSetInformationThread
RtlSetThreadErrorMode
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
DbgPrint
NtAllocateVirtualMemory
LdrGetProcedureAddress
NtDeleteValueKey
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
NtQueryValueKey
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
NtClose
NtQueryVirtualMemory
strstr
__C_specific_handler
memcpy
memset
_wcsicmp
__chkstk
_wcsnicmp
towlower
wcsstr
wcschr
_itow
memmove
wcscpy_s
wcsncpy
_wcslwr
wcstol
_wtoi
wcsncmp
memcmp
wcsrchr
_ultow
wcstoul
_wtoi64
strchr
strncmp
wcsncpy_s
tolower
_stricmp
iswctype
_strlwr

kernel32

ExpandEnvironmentStringsW
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
WinExec
OpenProcess
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
SizeofResource
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
DuplicateHandle
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
HeapDestroy
HeapCreate
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
RaiseException
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
SleepEx
GetTickCount64
FindResourceA
FindResourceW
LockResource
LoadResource
GlobalLock
GlobalUnlock
GlobalSize
GetConsoleWindow
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
AllocConsole
GetStartupInfoW
OpenThread
WaitForMultipleObjects
WideCharToMultiByte
GetSystemInfo
GetSystemWindowsDirectoryW
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetTickCount
QueueUserAPC
OpenMutexW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
GetFileSizeEx
GetFileAttributesW
FindNextChangeNotification
FindFirstChangeNotificationW
DeleteFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
ProcessIdToSessionId
GetCurrentProcessId
Sleep
SetEvent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetModuleFileNameW
CreateProcessW
CreateThread
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
LoadLibraryW
GetModuleHandleW
FreeLibrary
CreateEventW
WaitForSingleObject
GlobalFree
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
SetLastError
CreateFileW
ReadFile
SetFilePointerEx
CloseHandle
GetProcAddress
GlobalAlloc

Exports

Exports

File_GetName
Key_GetName
SbieApi_Call
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumBoxesEx
SbieApi_EnumProcessEx
SbieApi_GetBlockedDll
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetVersionEx
SbieApi_HookTramp
SbieApi_Ioctl
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_LogMsgEx
SbieApi_LogMsgExt
SbieApi_MonitorControl
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_MonitorPutMsg
SbieApi_OpenProcess
SbieApi_ProcessExemptionControl
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessEx2
SbieApi_QueryProcessInfo
SbieApi_QueryProcessInfoEx
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieApi_vLogEx
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_CallServerQueue
SbieDll_CheckPatternInList
SbieDll_CheckProcessLocalSystem
SbieDll_CheckStringInList
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableCHPE
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetBorderColor
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetSettingsForName
SbieDll_GetSettingsForName_bool
SbieDll_GetStartError
SbieDll_GetStringForStringList
SbieDll_GetSysFunction
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_HookInit
SbieDll_InitPStore
SbieDll_InjectLow
SbieDll_InjectLow_InitHelper
SbieDll_InjectLow_InitSyscalls
SbieDll_InjectLow_SendHandle
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsDllSkipHook
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_IsReservedFileName
SbieDll_KillAll
SbieDll_KillOne
SbieDll_MatchImage
SbieDll_OpenProcess
SbieDll_PortName
SbieDll_QueryConf
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_RunStartExe
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_UnHookModule
SbieDll_UpdateConf
Sbie_snprintf
Sbie_snwprintf

Sections

.text
Size: 577KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieMsg.dll
.dll windows:6 windows x64 arch:x64

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:97:0a:3d:05:85:b8:de:88:47:01:0a:33:f5:1b:6b:89:50:07:89:99:f4:2a:2c:50:91:2f:6f:bd:03:89:f1
Signer

Actual PE Digest

b8:97:0a:3d:05:85:b8:de:88:47:01:0a:33:f5:1b:6b:89:50:07:89:99:f4:2a:2c:50:91:2f:6f:bd:03:89:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieMsg.pdb

Sections

.rdata
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
32/SbieDll.dll
.dll windows:6 windows x86 arch:x86

49497c493ea03407836418250b92612a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:14:19:71:4d:06:76:dc:b2:c1:9d:bd:f4:a5:a1:b6:2e:31:8e:bd:34:49:29:7f:59:39:d8:26:23:85:cc:fa
Signer

Actual PE Digest

c2:14:19:71:4d:06:76:dc:b2:c1:9d:bd:f4:a5:a1:b6:2e:31:8e:bd:34:49:29:7f:59:39:d8:26:23:85:cc:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\Win32\SbieRelease\SbieDll.pdb

Imports

ntdll

RtlUnwind
NtSetInformationJobObject
NtClose
NtAssignProcessToJobObject
NtOpenJobObject
NtCreateJobObject
NtUnmapViewOfSection
NtMapViewOfSection
RtlEqualSid
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
NtAdjustPrivilegesToken
NtFilterToken
NtDuplicateObject
NtSetInformationToken
NtOpenThread
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
NtQueryVirtualMemory
RtlNtStatusToDosError
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey2
NtLoadKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtCreateSymbolicLinkObject
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
NtAllocateVirtualMemory
RtlUnicodeStringToAnsiString
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
NtSetInformationThread
RtlSetThreadErrorMode
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
DbgPrint
NtProtectVirtualMemory
LdrGetProcedureAddress
NtDeleteValueKey
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
NtQueryValueKey
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
strstr
memcpy
memset
_wcsicmp
_chkstk
_wcsnicmp
towlower
wcsstr
wcschr
_itow
memmove
wcscpy_s
wcsncpy
_wcslwr
wcstol
_wtoi
wcsncmp
_stricmp
wcsrchr
_alldiv
_allmul
_ultow
wcstoul
_wtoi64
strchr
strncmp
wcsncpy_s
tolower
iswctype
_strlwr

kernel32

CreateEventW
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
WinExec
OpenProcess
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
SizeofResource
WriteProcessMemory
ReadProcessMemory
DuplicateHandle
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
HeapDestroy
HeapCreate
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
RaiseException
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
SleepEx
GetTickCount64
FindResourceA
FindResourceW
LockResource
LoadResource
GlobalLock
GlobalUnlock
GlobalSize
GetConsoleWindow
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
AllocConsole
GetStartupInfoW
OpenThread
WaitForMultipleObjects
WideCharToMultiByte
GetSystemInfo
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetSystemWindowsDirectoryW
GetTickCount
QueueUserAPC
OpenMutexW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
GetFileSizeEx
GetFileAttributesW
FindNextChangeNotification
FindFirstChangeNotificationW
DeleteFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
ProcessIdToSessionId
GetCurrentProcessId
Sleep
SetEvent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetModuleFileNameW
CreateProcessW
CreateThread
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
LoadLibraryW
GetModuleHandleW
FreeLibrary
ExpandEnvironmentStringsW
WaitForSingleObject
GlobalFree
GlobalAlloc
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
SetLastError
CreateFileW
ReadFile
SetFilePointerEx
CloseHandle
GetProcAddress

Exports

Exports

SbieApi_Call
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetVersionEx
SbieApi_HookTramp
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_MonitorControl
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_OpenProcess
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessInfo
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_InitPStore
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_KillAll
SbieDll_KillOne
SbieDll_PortName
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_UpdateConf
Sbie_snprintf
Sbie_snwprintf
_File_GetName@20
_Key_GetName@20
_SbieApi_CheckInternetAccess@12
_SbieApi_DisableForceProcess@8
_SbieApi_EnumBoxes@8
_SbieApi_EnumBoxesEx@12
_SbieApi_EnumProcessEx@20
_SbieApi_GetBlockedDll@8
_SbieApi_GetFileName@12
_SbieApi_GetHomePath@16
_SbieApi_GetMessage@24
_SbieApi_GetUnmountHive@4
_SbieApi_GetVersion@4
_SbieApi_GetVersionEx@8
_SbieApi_HookTramp@8
_SbieApi_Ioctl@4
_SbieApi_IsBoxEnabled@4
_SbieApi_LogMsgEx@16
_SbieApi_LogMsgExt@8
_SbieApi_MonitorControl@8
_SbieApi_MonitorGetEx@16
_SbieApi_MonitorPut2@12
_SbieApi_MonitorPut@8
_SbieApi_MonitorPutMsg@8
_SbieApi_OpenProcess@8
_SbieApi_ProcessExemptionControl@16
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryConfBool@12
_SbieApi_QueryPathList@20
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessEx2@28
_SbieApi_QueryProcessEx@24
_SbieApi_QueryProcessInfo@8
_SbieApi_QueryProcessInfoEx@16
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@8
_SbieApi_SessionLeader@8
_SbieApi_SetUserName@8
_SbieApi_vLogEx@16
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_CallServer@4
_SbieDll_CallServerQueue@16
_SbieDll_CheckPatternInList@16
_SbieDll_CheckProcessLocalSystem@4
_SbieDll_CheckStringInList@12
_SbieDll_ComCreateProxy@16
_SbieDll_ComCreateStub@16
_SbieDll_DeviceChange@8
_SbieDll_DisableCHPE@0
_SbieDll_DisableElevationHook@0
_SbieDll_ExpandAndRunProgram@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_FreeMem@4
_SbieDll_GetBorderColor@16
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetServiceRegistryValue@12
_SbieDll_GetSettingsForName@24
_SbieDll_GetSettingsForName_bool@16
_SbieDll_GetStartError@0
_SbieDll_GetStringForStringList@20
_SbieDll_GetSysFunction@4
_SbieDll_GetTokenElevationType@0
_SbieDll_GetUserPathEx@4
_SbieDll_Hook@16
_SbieDll_HookInit@0
_SbieDll_InitPStore@0
_SbieDll_InjectLow@12
_SbieDll_InjectLow_InitHelper@0
_SbieDll_InjectLow_InitSyscalls@4
_SbieDll_InjectLow_SendHandle@4
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsDllSkipHook@4
_SbieDll_IsOpenCOM@0
_SbieDll_IsOpenClsid@12
_SbieDll_IsReservedFileName@4
_SbieDll_KillAll@8
_SbieDll_KillOne@4
_SbieDll_MatchImage@12
_SbieDll_OpenProcess@8
_SbieDll_PortName@0
_SbieDll_QueryConf@20
_SbieDll_QueueCreate@8
_SbieDll_QueueGetReq@24
_SbieDll_QueueGetRpl@16
_SbieDll_QueuePutReq@20
_SbieDll_QueuePutRpl@16
_SbieDll_RegisterDllCallback@4
_SbieDll_RunFromHome@16
_SbieDll_RunSandboxed@24
_SbieDll_RunStartExe@8
_SbieDll_StartBoxedService@8
_SbieDll_StartCOM@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4
_SbieDll_UnHookModule@4
_SbieDll_UpdateConf@20

Sections

.text
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
32/SbieSvc.exe
.exe windows:6 windows x86 arch:x86

a0a7856b044f1ee7401ed787d18fef71

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:83:b0:3a:48:2d:e5:2e:cb:ed:f5:88:2d:3c:10:d3:31:40:70:5c:89:3f:c2:28:30:38:4c:a8:01:6c:90:9b
Signer

Actual PE Digest

7a:83:b0:3a:48:2d:e5:2e:cb:ed:f5:88:2d:3c:10:d3:31:40:70:5c:89:3f:c2:28:30:38:4c:a8:01:6c:90:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\Win32\SbieRelease\SbieSvc.pdb

Imports

sbiedll

_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
_SbieApi_OpenProcess@8
_SbieApi_ReloadConf@8
_SbieApi_SessionLeader@8
_SbieDll_CheckPatternInList@16
_SbieDll_CheckStringInList@12
_SbieApi_EnumBoxes@8
_SbieDll_DisableCHPE@0
_SbieDll_GetSettingsForName_bool@16
_SbieApi_CheckInternetAccess@12
_SbieDll_QueuePutRpl@16
_SbieDll_QueueGetReq@24
_SbieDll_QueueCreate@8
_SbieDll_FreeMem@4
_SbieDll_KillOne@4
_SbieApi_QueryPathList@20
_SbieApi_GetHomePath@16
_SbieApi_QueryProcessPath@28
_SbieDll_GetStringForStringList@20
_SbieDll_InjectLow@12
_SbieDll_InjectLow_InitSyscalls@4
_SbieDll_InjectLow_InitHelper@0
_SbieDll_PortName@0
_SbieDll_FormatMessage2@12
_SbieDll_GetServiceRegistryValue@12
_SbieDll_TranslateNtToDosPath@4
_SbieDll_RunStartExe@8
_SbieApi_GetUnmountHive@4
_SbieApi_SetUserName@8
_SbieApi_QueryConfBool@12
_SbieApi_QueryConf@20
_SbieApi_EnumProcessEx@20
_SbieApi_QueryBoxPath@28
_SbieApi_QueryProcessInfo@8
_SbieApi_QueryProcessEx2@28
_SbieApi_GetMessage@24
_SbieApi_GetVersionEx@8
SbieApi_Call
_SbieDll_RunSandboxed@24
_SbieApi_IsBoxEnabled@4
_SbieDll_IsOpenClsid@12
_SbieDll_ComCreateStub@16
_SbieDll_RunFromHome@16
_SbieApi_QueryProcess@20
SbieApi_LogEx
SbieApi_Log

ntdll

NtReplyWaitReceivePort
NtRequestPort
NtCreatePort
NtUnloadKey
NtOpenKey
NtClose
NtAcceptConnectPort
RtlInitUnicodeString
RtlUnwind
NtLoadDriver
RtlCreateVirtualAccountSid
RtlSetDaclSecurityDescriptor
NtCreateFile
NtSetInformationFile
NtDuplicateObject
NtOpenProcess
NtAdjustPrivilegesToken
NtSetInformationProcess
NtOpenDirectoryObject
NtReadFile
NtCompleteConnectPort
NtImpersonateClientOfPort
RtlNtStatusToDosError
NtRequestWaitReplyPort
NtConnectPort
NtFilterToken
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtSetInformationThread
NtAllocateVirtualMemory
RtlInitializeSid
RtlSubAuthoritySid
NtSetInformationToken
NtQueryInformationProcess
RtlCreateSecurityDescriptor
NtLoadKey
NtQuerySystemInformation
NtWriteFile

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStringTypeW
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
EncodePointer
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
CloseHandle
GetLastError
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
Sleep
WaitForMultipleObjects
ExitProcess
TerminateProcess
FreeEnvironmentStringsW
GetCurrentThread
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
GetEnvironmentVariableW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
WriteFile
SetLastError
DeviceIoControl
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
SetThreadPriority
TerminateThread
OpenProcess
GetLocalTime
GetVersionExW
VirtualAlloc
VirtualFree
LocalAlloc
GetSystemWindowsDirectoryW
DuplicateHandle
ResetEvent
QueueUserAPC
GetCurrentThreadId
OpenThread
ProcessIdToSessionId
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
QueryInformationJobObject
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalSize
RegisterWaitForSingleObject
UnregisterWait
AllocConsole
GetConsoleWindow
GetConsoleProcessList
GetFileSizeEx
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetSystemInfo
GetFinalPathNameByHandleW
CancelIo
DefineDosDeviceW
TlsAlloc
TlsGetValue
TlsSetValue
ResumeThread
WriteProcessMemory
GetModuleFileNameW
QueueUserWorkItem
GetExitCodeProcess
DeleteFileW
GetFileAttributesW
ReadFile
SetEndOfFile
SetFileAttributesW
GetWindowsDirectoryW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
SuspendThread
CreateProcessW
ReadProcessMemory
MulDiv
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringW
GetEnvironmentStringsW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer
CreateThread
WriteConsoleW

user32

GetMonitorInfoW
EndPaint
BeginPaint
ShowWindow
RegisterClassExW
PackDDElParam
GetRawInputDeviceInfoW
GetRawInputDeviceInfoA
UserHandleGrantAccess
GetWindowInfo
MonitorFromWindow
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
GetIconInfo
GetWindow
GetWindowThreadProcessId
GetClassNameW
GetClassNameA
EnumThreadWindows
EnumWindows
GetShellWindow
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnumChildWindows
GetParent
GetDesktopWindow
GetClassLongW
GetClassLongA
GetWindowLongW
GetWindowLongA
ClipCursor
MapWindowPoints
ScreenToClient
ClientToScreen
SetCursorPos
GetWindowRect
GetClientRect
GetPropW
GetPropA
SetPropW
ReleaseDC
GetDC
SetForegroundWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
EnumClipboardFormats
PostMessageW
wsprintfW
GetMessageW
DispatchMessageW
SetTimer
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CreateDesktopW
SetThreadDesktop
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
SendMessageA
GetClipboardData
GetClipboardSequenceNumber
IsZoomed
SendMessageW
SendMessageTimeoutW
SendNotifyMessageA
IsIconic
IsWindowVisible
SetWindowPos
IsWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
DestroyWindow
PostMessageA
SendNotifyMessageW

advapi32

LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
CreateProcessAsUserW
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
LsaFreeMemory
LsaManageSidNameMapping
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetTokenInformation
SetSecurityInfo
ControlService
EnumServicesStatusExW
StartServiceW
OpenEventLogW
ReportEventW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RevertToSelf
SetThreadToken
AddAccessAllowedAce
DuplicateToken
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
QueryServiceConfigW
QueryServiceConfig2W
AccessCheck
GetSecurityInfo
EnumServicesStatusW

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

ole32

CoSetProxyBlanket
CoInitializeEx
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoInitializeSecurity
CoQueryProxyBlanket
CoInitialize
CoCopyProxy
StringFromGUID2
CoTaskMemFree
CoGetObject
CoRegisterClassObject
CoRevokeClassObject
CreateStreamOnHGlobal

crypt32

CryptProtectData
CryptUnprotectData

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdi32

CreateCompatibleDC
TextOutW
SetTextColor
SetBkColor
SelectObject
GetDeviceCaps
CreateFontW
GetEnhMetaFileBits
GetMetaFileBitsEx
DeleteDC
CreateSolidBrush
GetDIBits

netapi32

NetUseAdd

wtsapi32

WTSQueryUserToken

rpcrt4

UuidFromStringW
RpcStringFreeW
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
RpcBindingToStringBindingW

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptDestroyKey
BCryptImportKeyPair
BCryptGetProperty
BCryptCloseAlgorithmProvider

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KmdUtil.exe
.exe windows:6 windows x64 arch:x64

cfef260b9644428cd41ee0aea32d903e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:1b:60:8d:4c:2d:28:49:3a:68:de:6a:47:7a:7d:51:f8:98:7a:08:84:14:23:c3:62:ac:7c:01:d7:1e:4d:f7
Signer

Actual PE Digest

7f:1b:60:8d:4c:2d:28:49:3a:68:de:6a:47:7a:7d:51:f8:98:7a:08:84:14:23:c3:62:ac:7c:01:d7:1e:4d:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\KmdUtil.pdb

Imports

ntdll

NtUnloadDriver
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

sbiedll

SbieApi_GetVersion
SbieApi_QueryConf
SbieApi_IsBoxEnabled
Sbie_snwprintf
SbieApi_Call
SbieApi_Ioctl

kernel32

InitializeSListHead
GetCommandLineW
GetLastError
SetLastError
Sleep
GetModuleFileNameW
LoadLibraryW
LocalAlloc
LocalFree
FormatMessageW
CloseHandle
GetCurrentProcess
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
ExitProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
FindClose
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
RaiseException
CreateFileW
WriteConsoleW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
FlsAlloc
GetModuleHandleExW

user32

RegisterClassW
DefWindowProcW
PostMessageW
SystemParametersInfoW
DispatchMessageW
GetMessageW
MessageBoxW
LoadIconW
CreateWindowExW
LoadCursorW
GetWindow
GetParent
GetDesktopWindow
GetWindowLongW
GetWindowRect
GetFocus
SetFocus
ShowWindow
DestroyWindow
SendMessageW

gdi32

CreateFontIndirectW
GetStockObject

advapi32

DeleteService
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
OpenSCManagerW
ControlService
CreateServiceW
StartServiceW
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenServiceW

shell32

CommandLineToArgvW

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LICENSE.TXT
Manifest0.txt
Manifest1.txt
.xml
Manifest2.txt
.xml
SandboxieBITS.exe
.exe windows:6 windows x64 arch:x64

db9a2f5765f3292f1fe56e79665ef080

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:11:2f:3d:91:43:3e:1a:46:30:b2:d3:12:23:84:e7:ed:f6:8b:dc:ce:fc:3a:89:fd:db:43:b9:2e:d9:fd:db
Signer

Actual PE Digest

de:11:2f:3d:91:43:3e:1a:46:30:b2:d3:12:23:84:e7:ed:f6:8b:dc:ce:fc:3a:89:fd:db:43:b9:2e:d9:fd:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieBITS.pdb

Imports

advapi32

SetThreadToken
OpenProcessToken
DuplicateTokenEx
LogonUserW
StartServiceCtrlDispatcherW

kernel32

CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
GetProcAddress
LoadLibraryW
WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetFilePointerEx
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW

user32

MessageBoxW
wsprintfW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

SbieDll_Hook

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:6 windows x64 arch:x64

9fe67027091d7f633ac615a893110af2

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:3b:85:8c:8f:1c:de:0b:71:31:7f:c9:9d:d8:74:3c:d6:a6:3e:71:de:e8:30:63:8b:6b:2e:2f:c9:88:e0:ef
Signer

Actual PE Digest

c3:3b:85:8c:8f:1c:de:0b:71:31:7f:c9:9d:d8:74:3c:d6:a6:3e:71:de:e8:30:63:8b:6b:2e:2f:c9:88:e0:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieCrypto.pdb

Imports

sbiedll

SbieDll_Hook

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

CloseHandle
DuplicateHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
CreateFileW
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
GetWindowsDirectoryW
GetVersionExW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcessId
IsDebuggerPresent
HeapReAlloc
HeapSize
SetFilePointerEx
LCMapStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW

advapi32

StartServiceCtrlDispatcherW
SetServiceStatus
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenProcessToken
SetThreadToken

user32

MessageBoxW
wsprintfW

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:6 windows x64 arch:x64

f0fe48135b22f13314c4a8edae5c1c0c

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:9c:6b:a2:1b:c3:64:6e:26:b8:79:a2:8f:69:13:04:5c:60:93:48:db:bf:e7:ca:6d:d4:32:48:cc:34:58:1c
Signer

Actual PE Digest

f4:9c:6b:a2:1b:c3:64:6e:26:b8:79:a2:8f:69:13:04:5c:60:93:48:db:bf:e7:ca:6d:d4:32:48:cc:34:58:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieDcomLaunch.pdb

Imports

sbiedll

SbieApi_QueryProcess
SbieApi_EnumProcessEx
SbieDll_Hook
SbieDll_IsBoxedService
SbieDll_StartBoxedService

kernel32

SetEvent
WaitForSingleObject
CreateEventW
OpenEventW
GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThreadId
GetProcessHeap
TlsGetValue
TlsSetValue
OpenProcess
GetVersionExW
CreateFileMappingW
GetModuleHandleW
GetProcAddress
LoadLibraryW
HeapReAlloc
HeapFree
HeapAlloc
SetLastError
GetLastError
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
WriteConsoleW
TlsAlloc
GetStartupInfoW
HeapSize
SetFilePointerEx
LCMapStringW
FlsFree
FlsSetValue
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlsAlloc
FlsGetValue

advapi32

StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
ControlService
CloseServiceHandle
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenProcessToken
SetThreadToken

ntdll

NtOpenKey
RtlInitUnicodeString
NtQueryValueKey
RtlAdjustPrivilege
NtClose
NtQueryInformationProcess

user32

MessageBoxW
wsprintfW

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:6 windows x64 arch:x64

e3dcec587c8f6efa5ccae06b800831ce

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:2e:71:6e:c0:61:d1:c0:3a:7d:eb:26:41:81:70:48:ba:bc:69:d6:93:b6:6d:42:df:41:0e:69:2b:62:69:d5
Signer

Actual PE Digest

b5:2e:71:6e:c0:61:d1:c0:3a:7d:eb:26:41:81:70:48:ba:bc:69:d6:93:b6:6d:42:df:41:0e:69:2b:62:69:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieRpcSs.pdb

Imports

sbiedll

SbieDll_QueuePutRpl
SbieDll_QueueGetReq
SbieDll_QueueCreate
SbieDll_FreeMem
SbieApi_Log
SbieDll_IsDllSkipHook
SbieDll_IsBoxedService
SbieDll_IsOpenCOM
SbieDll_CallServer
SbieDll_Hook
SbieDll_ExpandAndRunProgram
SbieDll_StartBoxedService
SbieDll_KillAll
SbieApi_QueryConfBool
SbieApi_QueryConf
SbieApi_EnumProcessEx
SbieApi_QueryProcess
SbieApi_QueryProcessInfo

ws2_32

listen
bind
gethostbyname
gethostname
WSAStartup
WSASetLastError
WSASocketW

advapi32

StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
ControlService
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenThreadToken
OpenProcessToken
SetThreadToken

kernel32

TerminateProcess
GetCurrentProcess
GetModuleFileNameW
WriteConsoleW
CreateFileW
GetModuleHandleExW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
GetModuleHandleW
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
GetProcessTimes
ExitProcess
CreateThread
OpenProcess
GetSystemTimeAsFileTime
RegisterWaitForSingleObject
UnregisterWait
GetLastError
SetLastError
CreateMutexW
OpenMutexW
OpenEventW
GetCurrentProcessId
GetCurrentThreadId
SetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
GetVersionExW
CreateFileMappingW
GetProcAddress
LoadLibraryW
Sleep
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WriteFile
SetFilePointerEx
GetStdHandle
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
QueryPerformanceCounter
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
FreeEnvironmentStringsW

ntdll

NtOpenKey
NtQueryValueKey
RtlAdjustPrivilege
NtYieldExecution
NtUnmapViewOfSection
NtMapViewOfSection
NtClose
RtlInitUnicodeString

user32

MessageBoxW
wsprintfW
GetWindowThreadProcessId
EnumWindows
GetWindowLongW
CreateWindowExW
RegisterClassW
DefWindowProcW
DispatchMessageW
GetMessageW

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:6 windows x64 arch:x64

eb4ef77383c173f5c9fbc01181d02b56

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:95:25:b5:22:12:d5:e5:d6:fb:9d:7e:5a:e7:25:f5:da:d3:80:11:c5:6f:4a:0e:1b:c7:9c:57:44:a1:85:d8
Signer

Actual PE Digest

f1:95:25:b5:22:12:d5:e5:d6:fb:9d:7e:5a:e7:25:f5:da:d3:80:11:c5:6f:4a:0e:1b:c7:9c:57:44:a1:85:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieWUAU.pdb

Imports

sbiedll

SbieDll_Hook
SbieApi_EnumProcessEx
SbieApi_QueryProcess

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

CreateFileW
GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
DeleteCriticalSection
FlushFileBuffers
HeapReAlloc
HeapSize
HeapFree
SetLastError
GetCurrentThreadId
GetVersionExW
GetLastError
CloseHandle
LoadLibraryW
HeapAlloc
GetProcAddress
GetCurrentProcessId
GetProcessHeap
CreateProcessW
GetModuleHandleW
SetFilePointerEx
LCMapStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:6 windows x64 arch:x64

937fc193abb54d90f1ec6f40aa2176e7

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:34:c6:4c:5b:35:bb:25:c7:26:3d:9e:fb:e5:18:12:54:12:52:ce:b8:1b:ba:a4:0c:b7:57:de:5e:4f:4a:09
Signer

Actual PE Digest

c1:34:c6:4c:5b:35:bb:25:c7:26:3d:9e:fb:e5:18:12:54:12:52:ce:b8:1b:ba:a4:0c:b7:57:de:5e:4f:4a:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieCtrl.pdb

Imports

sbiedll

SbieDll_UpdateConf
SbieDll_GetTokenElevationType
SbieDll_KillOne
SbieDll_DeviceChange
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_GetHomePath
SbieApi_MonitorGetEx
SbieApi_MonitorControl
SbieApi_ProcessExemptionControl
SbieApi_GetMessage
SbieDll_FreeMem
SbieDll_CallServer
SbieDll_GetStartError
SbieDll_StartSbieSvc
SbieApi_GetVersionEx
SbieDll_IsReservedFileName
SbieApi_EnumProcessEx
SbieApi_QueryProcessInfo
SbieApi_QueryProcessEx
SbieDll_TranslateNtToDosPath
SbieDll_GetUserPathEx
SbieDll_GetDrivePath
SbieApi_QueryConfBool
SbieApi_QueryConf
SbieApi_GetFileName
SbieApi_QueryBoxPath
SbieDll_KillAll
SbieApi_IsBoxEnabled
SbieApi_EnumBoxesEx
SbieDll_GetBorderColor
SbieApi_DisableForceProcess
SbieApi_Log
SbieDll_RunFromHome
SbieDll_GetLanguage
SbieDll_FormatMessage2
SbieDll_FormatMessage1
SbieDll_FormatMessage0
SbieDll_FormatMessage

ntdll

RtlUnwindEx
VerSetConditionMask
NtOpenKey
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString
NtQueryFullAttributesFile
NtQueryDirectoryFile
NtCreateFile
RtlPcToFileHeader

psapi

GetModuleFileNameExW

winhttp

WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpen
WinHttpSetOption
WinHttpReadData
WinHttpCloseHandle

kernel32

GetCurrentDirectoryW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
lstrcpyW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
VerifyVersionInfoW
GetProfileIntW
SearchPathW
GetTempFileNameW
GetStringTypeW
InitializeCriticalSectionEx
GetCPInfo
ResetEvent
WaitForSingleObjectEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
FindResourceExW
IsDebuggerPresent
GetStartupInfoW
LCMapStringW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
LoadResource
LockResource
SizeofResource
FindResourceW
DecodePointer
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LocalFree
CloseHandle
LocalAlloc
FormatMessageW
GlobalAlloc
GlobalFree
GetTickCount
GetFileAttributesW
GetCurrentThreadId
GetProcAddress
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
InitializeSListHead
OutputDebugStringW
ExitProcess
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapQueryInformation
GetSystemInfo
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
SetStdHandle
GetFileType
GetStdHandle
FlsAlloc
FileTimeToSystemTime
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GlobalGetAtomNameW
lstrcmpA
ResumeThread
SuspendThread
SetThreadPriority
SetEvent
VirtualProtect
CompareStringW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
WideCharToMultiByte
SetLastError
OpenProcess
GetProcessTimes
GetModuleHandleA
GetTempPathW
WriteFile
WaitForMultipleObjects
CreateEventW
CopyFileW
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
DeleteFileW
GetDriveTypeW
CreateThread
ExpandEnvironmentStringsW
MoveFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
FreeLibrary
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
OpenEventW
WaitForSingleObject
LoadLibraryW
MultiByteToWideChar
GetFileTime
GlobalFlags
ProcessIdToSessionId
OpenMutexW
CreateMutexW
GetShortPathNameW
SetCurrentDirectoryW
GetCommandLineW
GetSystemWindowsDirectoryW
GetVersionExW
GetModuleHandleW
GetCurrentProcessId
GlobalSize
ReadFile
GetFileSizeEx
CreateFileW
Sleep
MulDiv
GlobalLock
GlobalUnlock
GetWindowsDirectoryW
RtlCaptureContext

user32

GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
CharUpperBuffW
GetDoubleClickTime
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
UpdateLayeredWindow
DrawIcon
FrameRect
CopyIcon
SetCursorPos
IsZoomed
DrawFrameControl
DrawEdge
EnumDisplayMonitors
NotifyWinEvent
HideCaret
EnableScrollBar
MessageBeep
DrawFocusRect
GetNextDlgGroupItem
LockWindowUpdate
GetMenuDefaultItem
TrackMouseEvent
CharUpperW
SetParent
GetSystemMenu
UnionRect
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
ShowOwnedPopups
ReuseDDElParam
UnpackDDElParam
SetRectEmpty
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
SendDlgItemMessageW
CheckDlgButton
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongPtrW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgItem
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetLastActivePopup
IsWindowEnabled
IntersectRect
InflateRect
FillRect
RemoveMenu
GetMenuState
GetMenuStringW
EnumWindows
GetSysColorBrush
IsWindow
GetIconInfo
CreateIconIndirect
LoadImageW
MonitorFromRect
MonitorFromPoint
SetMenuDefaultItem
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemID
CreatePopupMenu
SetFocus
PostQuitMessage
LoadMenuW
GetActiveWindow
RegisterWindowMessageW
wsprintfW
IsRectEmpty
TabbedTextOutW
GrayStringW
DrawTextExW
SystemParametersInfoW
DrawStateW
DrawTextW
GetMenuItemRect
SetMenuItemInfoW
GetMenuItemInfoW
DeleteMenu
GetMenuItemCount
IsMenu
GetMessagePos
GetMessageW
DrawIconEx
FindWindowExW
SetForegroundWindow
GetDlgCtrlID
IsIconic
InvalidateRect
DestroyCursor
LoadBitmapW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
EnumChildWindows
PtInRect
OffsetRect
SetRect
InvertRect
SetCursor
GetWindowDC
ReleaseCapture
SetCapture
CallWindowProcW
DestroyIcon
ClientToScreen
GetSubMenu
EnableMenuItem
GetKeyState
GetFocus
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetWindow
RegisterClipboardFormatW
GetTitleBarInfo
GetMonitorInfoW
MonitorFromWindow
LoadIconW
GetWindowThreadProcessId
FindWindowW
SetClassLongPtrW
WindowFromPoint
GetCursorPos
SetWindowRgn
GetForegroundWindow
GetSystemMetrics
SetWindowPos
SetLayeredWindowAttributes
DestroyWindow
EnumThreadWindows
FlashWindowEx
CopyRect
GetSysColor
EndPaint
BeginPaint
KillTimer
SetTimer
ScreenToClient
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
UpdateWindow
MoveWindow
ShowWindow
CreateWindowExW
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
UnregisterClassW
LoadCursorW
GetClassNameW
GetParent
GetDesktopWindow
GetWindowRect
GetClientRect
EnableWindow
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
ReleaseDC
GetDC
SetActiveWindow

gdi32

CreateBitmap
MoveToEx
SetViewportExtEx
SetViewportOrgEx
CreateHatchBrush
ExcludeClipRect
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
CreateDCW
StretchBlt
CreateDIBSection
SetDIBColorTable
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
GetRgnBox
ExtTextOutW
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CopyMetaFileW
GetTextCharsetInfo
CreatePatternBrush
TextOutW
SetTextColor
RectVisible
PtVisible
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
PatBlt
SelectObject
GetTextMetricsW
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetTextColor
CreateSolidBrush
DeleteObject
CreatePolygonRgn
CreateFontIndirectW
SetPixel
GetObjectW
CombineRgn
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
CreateEllipticRgn
CreateRectRgn
Ellipse
GetPixel
Rectangle
CreatePen
Escape
GetClipBox
OffsetRgn
GetCurrentObject
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetOpenFileNameW
ChooseColorW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

EnumServicesStatusW
OpenEventLogW
ReadEventLogW
GetUserNameW
RegCloseKey
RegEnumValueW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
OpenSCManagerW
CloseEventLog
CloseServiceHandle
RegNotifyChangeKeyValue
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFileInfoW
ShellExecuteExW
Shell_NotifyIconW
DragQueryFileW
DragAcceptFiles
ord165
SHGetFolderPathW
ExtractIconExW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHAppBarMessage
SHFileOperationW
SHBrowseForFolderW
ShellExecuteW
SHGetDesktopFolder

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Remove
ImageList_GetIconSize
ImageList_GetImageInfo

shlwapi

PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW

uxtheme

OpenThemeData
DrawThemeParentBackground
DrawThemeBackground
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
IsAppThemed
GetThemePartSize
CloseThemeData
DrawThemeText
IsThemeBackgroundPartiallyTransparent

ole32

OleDuplicateData
ReleaseStgMedium
CoUninitialize
CoCreateGuid
CoDisconnectObject
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoTaskMemAlloc
CoInitialize
CoCreateInstance
GetRunningObjectTable
CreateClassMoniker
CoTaskMemFree
OleCreate
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleSetContainedObject

oleaut32

VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
VariantChangeType
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
VariantInit
SysAllocString

gdiplus

GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipDisposeImage
GdipGetImageWidth
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetPropertyItem

ws2_32

ntohl

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieCtrl.exe.sig
SbieDll.dll
.dll windows:6 windows x64 arch:x64

facf04f3f66aaf37837a8f063396e979

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:8e:62:1c:d5:2e:ac:5a:67:ca:6d:02:4f:70:5c:f6:dd:d4:7a:63:66:de:69:91:e5:42:bc:71:65:cc:a4:73
Signer

Actual PE Digest

3a:8e:62:1c:d5:2e:ac:5a:67:ca:6d:02:4f:70:5c:f6:dd:d4:7a:63:66:de:69:91:e5:42:bc:71:65:cc:a4:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieDll.pdb

Imports

ntdll

NtSetInformationJobObject
NtAssignProcessToJobObject
NtReadVirtualMemory
NtOpenJobObject
NtCreateJobObject
NtUnmapViewOfSection
NtMapViewOfSection
RtlEqualSid
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
NtAdjustPrivilegesToken
NtFilterToken
NtDuplicateObject
NtSetInformationToken
NtOpenThread
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
RtlNtStatusToDosError
NtProtectVirtualMemory
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey2
NtLoadKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtCreateSymbolicLinkObject
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
RtlUnicodeStringToAnsiString
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
NtSetInformationThread
RtlSetThreadErrorMode
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
DbgPrint
NtAllocateVirtualMemory
LdrGetProcedureAddress
NtDeleteValueKey
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
NtQueryValueKey
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
NtClose
NtQueryVirtualMemory
strstr
__C_specific_handler
memcpy
memset
_wcsicmp
__chkstk
_wcsnicmp
towlower
wcsstr
wcschr
_itow
memmove
wcscpy_s
wcsncpy
_wcslwr
wcstol
_wtoi
wcsncmp
memcmp
wcsrchr
_ultow
wcstoul
_wtoi64
strchr
strncmp
wcsncpy_s
tolower
_stricmp
iswctype
_strlwr

kernel32

ExpandEnvironmentStringsW
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
WinExec
OpenProcess
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
SizeofResource
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
DuplicateHandle
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
HeapDestroy
HeapCreate
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
RaiseException
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
SleepEx
GetTickCount64
FindResourceA
FindResourceW
LockResource
LoadResource
GlobalLock
GlobalUnlock
GlobalSize
GetConsoleWindow
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
AllocConsole
GetStartupInfoW
OpenThread
WaitForMultipleObjects
WideCharToMultiByte
GetSystemInfo
GetSystemWindowsDirectoryW
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetTickCount
QueueUserAPC
OpenMutexW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
GetFileSizeEx
GetFileAttributesW
FindNextChangeNotification
FindFirstChangeNotificationW
DeleteFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
ProcessIdToSessionId
GetCurrentProcessId
Sleep
SetEvent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetModuleFileNameW
CreateProcessW
CreateThread
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
LoadLibraryW
GetModuleHandleW
FreeLibrary
CreateEventW
WaitForSingleObject
GlobalFree
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
SetLastError
CreateFileW
ReadFile
SetFilePointerEx
CloseHandle
GetProcAddress
GlobalAlloc

Exports

Exports

File_GetName
Key_GetName
SbieApi_Call
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumBoxesEx
SbieApi_EnumProcessEx
SbieApi_GetBlockedDll
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetVersionEx
SbieApi_HookTramp
SbieApi_Ioctl
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_LogMsgEx
SbieApi_LogMsgExt
SbieApi_MonitorControl
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_MonitorPutMsg
SbieApi_OpenProcess
SbieApi_ProcessExemptionControl
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessEx2
SbieApi_QueryProcessInfo
SbieApi_QueryProcessInfoEx
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieApi_vLogEx
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_CallServerQueue
SbieDll_CheckPatternInList
SbieDll_CheckProcessLocalSystem
SbieDll_CheckStringInList
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableCHPE
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetBorderColor
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetSettingsForName
SbieDll_GetSettingsForName_bool
SbieDll_GetStartError
SbieDll_GetStringForStringList
SbieDll_GetSysFunction
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_HookInit
SbieDll_InitPStore
SbieDll_InjectLow
SbieDll_InjectLow_InitHelper
SbieDll_InjectLow_InitSyscalls
SbieDll_InjectLow_SendHandle
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsDllSkipHook
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_IsReservedFileName
SbieDll_KillAll
SbieDll_KillOne
SbieDll_MatchImage
SbieDll_OpenProcess
SbieDll_PortName
SbieDll_QueryConf
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_RunStartExe
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_UnHookModule
SbieDll_UpdateConf
Sbie_snprintf
Sbie_snwprintf

Sections

.text
Size: 577KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys
.sys windows:10 windows x64 arch:x64

0d052aa87a88dbb23a7cb2963bc668f3

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:77:b6:28:c1:c1:54:fa:c8:52:ff:a8:92:a0:de:86:95:94:d8:a9:38:da:2c:fc:54:52:a0:9c:1e:38:bb:19
Signer

Actual PE Digest

12:77:b6:28:c1:c1:54:fa:c8:52:ff:a8:92:a0:de:86:95:94:d8:a9:38:da:2c:fc:54:52:a0:9c:1e:38:bb:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieDrv.pdb

Imports

ntoskrnl.exe

_wcsicmp
_wcsnicmp
RtlUnicodeStringToInteger
ExAcquireResourceSharedLite
ZwYieldExecution
_itow
towlower
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
IoGetCurrentProcess
RtlConvertSidToUnicodeString
SeQueryInformationToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
wcsrchr
RtlQueryRegistryValues
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlGetVersion
KeDelayExecutionThread
PsGetVersion
RtlCreateAcl
RtlAddAce
RtlAddAccessAllowedAceEx
RtlSetSaclSecurityDescriptor
ZwSetInformationFile
ZwWriteFile
IoCreateFileSpecifyDeviceObjectHint
NtClose
ObOpenObjectByPointer
IoFileObjectType
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsGetProcessWin32WindowStation
ExWindowStationObjectType
MmProbeAndLockPages
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoIs32bitProcess
ZwWaitForSingleObject
ZwUnloadKey
wcsncpy_s
_wcslwr
KeBugCheckEx
ExInitializeResourceLite
ExDeleteResourceLite
IoCreateFile
ZwReadFile
wcstoul
_wtoi
KeEnterCriticalRegion
KeLeaveCriticalRegion
ZwCreateDirectoryObject
SeSinglePrivilegeCheck
PsGetCurrentThreadId
PsGetProcessId
ZwDuplicateObject
ZwOpenDirectoryObject
ZwSetSecurityObject
ZwCreateSymbolicLinkObject
ZwCreateKey
PsProcessType
PsLookupProcessByProcessId
RtlFreeUnicodeString
ZwQueryDirectoryObject
wcsstr
CmUnRegisterCallback
MmGetSystemRoutineAddress
ObQueryNameString
ZwOpenProcessTokenEx
ZwSetInformationToken
ZwLoadKey
ObOpenObjectByName
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
DbgPrint
PsGetThreadProcessId
PsGetThreadProcess
PsThreadType
RtlInt64ToUnicodeString
PsSetCreateProcessNotifyRoutineEx
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetProcessCreateTimeQuadPart
PsSetThreadHardErrorsAreDisabled
_ultow_s
SeQuerySessionIdToken
PsDereferenceImpersonationToken
PsReferenceImpersonationToken
PsGetProcessSessionId
SeTokenObjectType
KeStackAttachProcess
KeUnstackDetachProcess
PsGetProcessPeb
ZwOpenProcess
RtlLengthSid
ZwQueryInformationProcess
PsCreateSystemThread
PsTerminateSystemThread
ZwTerminateProcess
PsGetProcessJob
SeTokenIsAdmin
ZwQueryInformationToken
MmIsAddressValid
NtDeviceIoControlFile
PsImpersonateClient
ZwQuerySystemInformation
strcmp
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsGetThreadId
SeTokenType
ZwDuplicateToken
ZwOpenThreadToken
ZwOpenProcessToken
SeTokenImpersonationLevel
PsGetProcessExitProcessCalled
ZwDeviceIoControlFile
RtlEqualSid
RtlAddAccessAllowedAce
ZwSetInformationProcess
RtlUnicodeToUTF8N
RtlTimeFieldsToTime
ExSystemTimeToLocalTime
SeLocateProcessImageName
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
RtlUnicodeToMultiByteN
ZwClose
ObfDereferenceObject
ObfReferenceObject
ObReferenceObjectByHandle
IoDeleteDevice
IoCreateDevice
IofCompleteRequest
RtlCompareUnicodeString
wcschr
LpcPortObjectType
__C_specific_handler
LpcRequestPort
SeFilterToken
PsGetCurrentProcessId
ZwSetValueKey
ZwQueryValueKey
ObReferenceObjectByName
ZwOpenKey
ExGetPreviousMode
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
ProbeForWrite
ExRaiseStatus
ProbeForRead
ExFreePoolWithTag
ExAllocatePoolWithTag
KeAreApcsDisabled
KeGetCurrentIrql
RtlInitUnicodeString
wcsncpy
wcscmp
wcsncmp
RtlAnsiCharToUnicodeChar

fltmgr.sys

FltRegisterFilter
FltStartFiltering
FltSetCallbackDataDirty
FltGetFileNameInformation
FltReleaseFileNameInformation
FltUnregisterFilter

ksecdd.sys

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptDestroyKey
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider

fwpkclnt.sys

FwpmBfeStateUnsubscribeChanges0
FwpmTransactionBegin0
FwpmBfeStateGet0
FwpsCalloutUnregisterById0
FwpsCalloutRegister1
FwpmEngineOpen0
FwpmEngineClose0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmSubLayerAdd0
FwpmCalloutAdd0
FwpmBfeStateSubscribeChanges0
FwpmFilterAdd0

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INITDATA
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieIni.exe
.exe windows:6 windows x64 arch:x64

f120a1a2d28dc899649e3f5421c103fb

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:90:65:66:10:c5:0a:23:e6:5a:2f:7e:aa:37:f6:47:cd:c9:ae:65:ae:68:8b:50:5f:70:7d:a7:23:20:ae:01
Signer

Actual PE Digest

eb:90:65:66:10:c5:0a:23:e6:5a:2f:7e:aa:37:f6:47:cd:c9:ae:65:ae:68:8b:50:5f:70:7d:a7:23:20:ae:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieIni.pdb

Imports

sbiedll

SbieDll_UpdateConf
SbieApi_QueryConf
SbieDll_TranslateNtToDosPath
SbieApi_EnumBoxesEx
SbieApi_IsBoxEnabled

kernel32

TerminateProcess
WriteConsoleW
CreateFileW
CloseHandle
GetCommandLineW
HeapAlloc
GetProcessHeap
ExitProcess
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleExW
GetCommandLineA
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:6 windows x64 arch:x64

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:97:0a:3d:05:85:b8:de:88:47:01:0a:33:f5:1b:6b:89:50:07:89:99:f4:2a:2c:50:91:2f:6f:bd:03:89:f1
Signer

Actual PE Digest

b8:97:0a:3d:05:85:b8:de:88:47:01:0a:33:f5:1b:6b:89:50:07:89:99:f4:2a:2c:50:91:2f:6f:bd:03:89:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieMsg.pdb

Sections

.rdata
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:6 windows x64 arch:x64

a23624cee5ac9829435347a3e37c9d79

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:3d:ae:19:75:40:44:70:bd:00:d8:da:9d:65:d4:7e:ad:99:f1:47:ee:4f:87:62:30:f6:75:c5:3e:42:98:86
Signer

Actual PE Digest

55:3d:ae:19:75:40:44:70:bd:00:d8:da:9d:65:d4:7e:ad:99:f1:47:ee:4f:87:62:30:f6:75:c5:3e:42:98:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieSvc.pdb

Imports

sbiedll

SbieApi_EnumProcessEx
SbieApi_QueryConf
SbieDll_IsOpenClsid
SbieApi_IsBoxEnabled
SbieDll_ComCreateStub
SbieApi_QueryProcessInfo
SbieApi_QueryProcessEx2
SbieApi_GetMessage
SbieApi_GetVersionEx
SbieApi_QueryBoxPath
SbieApi_QueryConfBool
SbieApi_SetUserName
SbieApi_GetUnmountHive
SbieDll_RunStartExe
SbieDll_TranslateNtToDosPath
SbieDll_GetServiceRegistryValue
SbieDll_FormatMessage2
SbieDll_PortName
SbieApi_Call
SbieDll_RunFromHome
SbieApi_QueryProcess
SbieDll_RunSandboxed
SbieDll_InjectLow_InitHelper
SbieDll_InjectLow_InitSyscalls
SbieDll_InjectLow
SbieDll_GetStringForStringList
SbieApi_QueryProcessPath
SbieApi_GetHomePath
SbieApi_QueryPathList
SbieDll_KillOne
SbieDll_FreeMem
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueuePutRpl
SbieApi_CheckInternetAccess
SbieDll_GetSettingsForName_bool
SbieDll_DisableCHPE
SbieApi_EnumBoxes
SbieDll_CheckStringInList
SbieDll_CheckPatternInList
SbieApi_SessionLeader
SbieApi_ReloadConf
SbieApi_OpenProcess
SbieDll_GetLanguage
SbieDll_FormatMessage0
SbieApi_Log
SbieApi_LogEx

ntdll

NtRequestPort
RtlInitUnicodeString
NtCreatePort
NtUnloadKey
NtOpenKey
NtClose
NtReplyWaitReceivePort
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx
RtlCreateVirtualAccountSid
RtlSetDaclSecurityDescriptor
NtCreateFile
NtSetInformationFile
NtReadFile
NtWriteFile
NtLoadDriver
NtQueryKey
NtDuplicateObject
NtOpenProcess
NtAdjustPrivilegesToken
NtSetInformationProcess
NtOpenDirectoryObject
NtImpersonateClientOfPort
NtCompleteConnectPort
NtAcceptConnectPort
RtlNtStatusToDosError
NtRequestWaitReplyPort
NtConnectPort
NtFilterToken
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtSetInformationThread
NtAllocateVirtualMemory
RtlInitializeSid
RtlSubAuthoritySid
NtSetInformationToken
NtQueryInformationProcess
RtlCreateSecurityDescriptor
NtLoadKey
NtQuerySystemInformation

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStringTypeW
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
EncodePointer
CloseHandle
GetLastError
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
Sleep
WaitForMultipleObjects
ExitProcess
TerminateProcess
CreateThread
FlsAlloc
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
GetEnvironmentVariableW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
WriteFile
SetLastError
DeviceIoControl
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
SetThreadPriority
TerminateThread
OpenProcess
GetLocalTime
GetVersionExW
VirtualAlloc
VirtualFree
LocalAlloc
GetSystemWindowsDirectoryW
DuplicateHandle
ResetEvent
QueueUserAPC
GetCurrentThreadId
OpenThread
ProcessIdToSessionId
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
QueryInformationJobObject
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalSize
RegisterWaitForSingleObject
UnregisterWait
AllocConsole
GetConsoleWindow
GetConsoleProcessList
GetFileSizeEx
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetSystemInfo
GetFinalPathNameByHandleW
CancelIo
DefineDosDeviceW
TlsAlloc
TlsGetValue
TlsSetValue
ResumeThread
WriteProcessMemory
GetModuleFileNameW
QueueUserWorkItem
GetExitCodeProcess
DeleteFileW
GetFileAttributesW
ReadFile
SetEndOfFile
SetFileAttributesW
GetWindowsDirectoryW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
SuspendThread
CreateProcessW
ReadProcessMemory
MulDiv
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThread

user32

RegisterClassW
DefWindowProcW
PostMessageW
PostMessageA
SendNotifyMessageW
SendNotifyMessageA
SendMessageTimeoutW
SendMessageW
SendMessageA
GetProcessWindowStation
SetProcessWindowStation
IsWindow
GetThreadDesktop
SetThreadDesktop
CreateDesktopW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetTimer
DispatchMessageW
GetMessageW
wsprintfW
DestroyWindow
CreateWindowExW
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
GetClipboardSequenceNumber
GetMonitorInfoW
EndPaint
BeginPaint
ShowWindow
RegisterClassExW
PackDDElParam
GetRawInputDeviceInfoW
GetRawInputDeviceInfoA
UserHandleGrantAccess
GetWindowInfo
MonitorFromWindow
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
GetIconInfo
GetWindow
GetWindowThreadProcessId
GetClassNameW
GetClassNameA
EnumThreadWindows
EnumWindows
GetShellWindow
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnumChildWindows
GetParent
GetDesktopWindow
GetClassLongPtrW
GetClassLongPtrA
GetClassLongW
GetClassLongA
GetWindowLongPtrW
GetWindowLongPtrA
GetWindowLongW
GetWindowLongA
ClipCursor
MapWindowPoints
ScreenToClient
ClientToScreen
SetCursorPos
GetWindowRect
GetClientRect
GetPropW
GetPropA
SetPropW
ReleaseDC
GetDC
SetForegroundWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
EnumClipboardFormats
CreateWindowStationW
GetClipboardData

advapi32

CreateProcessAsUserW
StartServiceW
EnumServicesStatusExW
ControlService
SetSecurityInfo
SetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegOpenCurrentUser
RegOpenUserClassesRoot
QueryServiceStatusEx
OpenThreadToken
OpenServiceW
OpenSCManagerW
CloseServiceHandle
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
LsaManageSidNameMapping
GetSecurityInfo
AccessCheck
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetLengthSid
DuplicateToken
AddAccessAllowedAce
SetThreadToken
RevertToSelf
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
ReportEventW
RegQueryValueExW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
LsaFreeMemory
OpenEventLogW

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

ole32

CoInitializeEx
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoInitializeSecurity
CoQueryProxyBlanket
CoSetProxyBlanket
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemFree
CoGetObject
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoCopyProxy

crypt32

CryptProtectData
CryptUnprotectData

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdi32

DeleteDC
GetDIBits
CreateCompatibleDC
TextOutW
GetEnhMetaFileBits
CreateFontW
CreateSolidBrush
GetDeviceCaps
SelectObject
SetBkColor
GetMetaFileBitsEx
SetTextColor

netapi32

NetUseAdd

wtsapi32

WTSQueryUserToken

rpcrt4

RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcStringFreeW
RpcMgmtEpEltInqBegin
UuidFromStringW
RpcBindingToStringBindingW

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptVerifySignature
BCryptDestroyKey
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieSvc.exe.sig
SboxHostDll.dll
.dll windows:6 windows x64 arch:x64

2c0f64a1270ea0aebe3f33b34754c5f1

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:0b:44:37:5e:ea:99:e2:22:1e:37:35:50:c0:2a:a7:21:b6:95:6b:89:12:67:fa:ea:4b:af:de:4c:26:03
Signer

Actual PE Digest

0d:42:0b:44:37:5e:ea:99:e2:22:1e:37:35:50:c0:2a:a7:21:b6:95:6b:89:12:67:fa:ea:4b:af:de:4c:26:03

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SboxHostDll.pdb

Imports

sbiedll

SbieApi_QueryProcessInfo
SbieDll_Hook

psapi

EnumProcesses

kernel32

GetModuleHandleW
CreateMutexW
CloseHandle
GetProcessId
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
lstrcmpiW
GetModuleFileNameW
OpenProcess
GetProcAddress
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetFilePointerEx
GetConsoleMode
CreateFileW
WriteConsoleW
LocalFree
SetLastError
GetConsoleOutputCP
WriteFile
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
ExitProcess
GetModuleHandleExW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers

advapi32

GetTokenInformation
IsValidSid
GetLengthSid
CopySid
ConvertSidToStringSidW

userenv

UnloadUserProfile

Exports

Exports

InjectDllMain

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:6 windows x64 arch:x64

f36bcab6b8abecce4210142316337dc4

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:89:31:48:1c:35:e4:6a:b1:ef:21:72:e7:2c:36:17:ac:16:c1:1f:71:27:da:b7:5d:fa:cd:1e:f6:24:03:11
Signer

Actual PE Digest

c0:89:31:48:1c:35:e4:6a:b1:ef:21:72:e7:2c:36:17:ac:16:c1:1f:71:27:da:b7:5d:fa:cd:1e:f6:24:03:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\Start.pdb

Imports

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
NtTerminateThread
NtTerminateProcess
NtOpenKey
RtlNtStatusToDosError
RtlInitUnicodeString
NtSetInformationFile
NtQueryInformationFile
NtCreateFile
NtClose

user32

LoadImageW
GetDesktopWindow
ScreenToClient
GetWindowRect
GetClientRect
SetWindowTextW
CreateWindowExW
KillTimer
DestroyWindow
SetTimer
SetDlgItemTextW
SendMessageW
EndDialog
DialogBoxIndirectParamW
SendDlgItemMessageW
SetFocus
EnableWindow
GetSystemMetrics
SetPropW
AllowSetForegroundWindow
GetPropW
MessageBoxW
ClientToScreen
GetWindowLongPtrW
SetWindowLongPtrW
wsprintfW
ExitWindowsEx
DestroyIcon
DefWindowProcW
RegisterClassW
CreateMenu
CreatePopupMenu
DestroyMenu
GetMenuItemCount
TrackPopupMenu
GetMenuInfo
SetMenuInfo
InsertMenuItemW
GetDC
GetSysColorBrush
DrawIconEx
IsWindowEnabled
GetWindowTextW
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetMessageW
PostThreadMessageW
GetAsyncKeyState
CallWindowProcW
SetForegroundWindow
DialogBoxParamW
SetWindowPos
MoveWindow
ShowWindow
GetDlgItem

shell32

SHBindToParent
ShellExecuteW
ExtractAssociatedIconW
ExtractIconW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW

shlwapi

PathFileExistsW
SHAutoComplete
AssocQueryStringW
StrStrIW

kernel32

LockResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadResource
GlobalFree
QueryPerformanceCounter
InitializeSListHead
LoadLibraryW
WriteConsoleW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetFileAttributesExW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
FormatMessageW
GetProcAddress
GetVersionExW
GetCurrentThreadId
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetTickCount
GetModuleHandleW
LocalFree
GetCurrentProcessId
GetStartupInfoW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CloseHandle
SetLastError
HeapCreate
HeapDestroy
WaitForSingleObject
CreateEventW
Sleep
ExitProcess
GetExitCodeProcess
CreateThread
CreateProcessW
ProcessIdToSessionId
GetSystemTimeAsFileTime
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFileAttributesW
GetFullPathNameW
GetSystemWindowsDirectoryW
CreateFileW
GetLogicalDrives
HeapReAlloc
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetStdHandle
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
FindFirstFileExW

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SelectObject

sbiedll

SbieDll_FreeMem
File_GetName
Key_GetName
SbieDll_StartCOM
SbieDll_CallServer
SbieDll_RunSandboxed
SbieDll_FormatMessage
SbieDll_GetTokenElevationType
SbieDll_KillAll
SbieDll_GetLanguage
SbieDll_GetStartError
SbieDll_StartSbieSvc
SbieDll_RunStartExe
SbieDll_GetSysFunction
SbieApi_IsBoxEnabled
SbieApi_ReloadConf
SbieApi_DisableForceProcess
SbieApi_GetHomePath
SbieDll_InitPStore
SbieApi_QueryProcessInfo
SbieDll_GetHandlePath
SbieDll_IsDirectory
SbieDll_IsReservedFileName
SbieDll_TranslateNtToDosPath
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryProcess
SbieDll_CallServerQueue
SbieDll_FormatMessage1
SbieDll_FormatMessage0
SbieApi_QueryConfBool
SbieApi_Call
SbieApi_EnumBoxesEx

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

advapi32

RegEnumValueW

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameW

gdiplus

GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Start.exe.sig
Templates.ini
UpdUtil.exe
.exe windows:6 windows x64 arch:x64

43ba48d86c1c6c9f7ddbec437deaadff

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/04/2021, 21:51

Not After

28/10/2023, 16:27

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederoesterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:ea:81:d2:24:0f:ea:3e:ac:a3:d2:60:73:c4:1f:b0:5a:7b:f8:14:08:58:75:62:d3:fc:30:c6:e9:01:f5:01
Signer

Actual PE Digest

0e:ea:81:d2:24:0f:ea:3e:ac:a3:d2:60:73:c4:1f:b0:5a:7b:f8:14:08:58:75:62:d3:fc:30:c6:e9:01:f5:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\SandboxieLive\x64\Release\UpdUtil.pdb

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
NtCreateFile
NtClose
NtReadFile
NtWriteFile

bcrypt

BCryptHashData
BCryptDestroyHash
BCryptImportKeyPair
BCryptCreateHash
BCryptDestroyKey
BCryptGetProperty
BCryptVerifySignature
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider

winhttp

WinHttpReadData
WinHttpOpen
WinHttpReceiveResponse
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpOpenRequest

kernel32

AllocConsole
MoveFileExW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
CloseHandle
DeleteFileW
AttachConsole
Sleep
WaitForSingleObject
GetTempPathW
GetModuleFileNameW
CreateDirectoryW
FindClose
GetFileSizeEx
GetProcAddress
GetModuleHandleA
FindFirstFileA
FindNextFileA
GetFullPathNameA
GetVersionExW

shell32

CommandLineToArgvW
ShellExecuteExW

msvcp140

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
strchr
wcsrchr
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
memcpy
memmove

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
_callnewh
malloc
free

api-ms-win-crt-string-l1-1-0

_wcsicmp
strncpy_s
_wcsnicmp

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
exit
_c_exit
_exit
_initterm_e
terminate
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_set_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_configure_wide_argv

api-ms-win-crt-convert-l1-1-0

mbstowcs_s

api-ms-win-crt-stdio-l1-1-0

freopen
__acrt_iob_func
__stdio_common_vswprintf
_set_fmode
__p__commode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ab6770b0a8635b9d92a5838920cfe770

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

60:56:27:08:9c:e6:58:cf:82:e4:8d:04Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4b:b3:e0:e7:93:81:bb:19:43:64:23:2a:8e:72:47:a7:b9:1c:40:81:b4:a2:d2:69:4c:58:68:6b:12:fb:98:86Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 29KB - Virtual size: 28KB

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

cfef260b9644428cd41ee0aea32d903e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

60:56:27:08:9c:e6:58:cf:82:e4:8d:04Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7f:1b:60:8d:4c:2d:28:49:3a:68:de:6a:47:7a:7d:51:f8:98:7a:08:84:14:23:c3:62:ac:7c:01:d7:1e:4d:f7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4b:b3:e0:e7:93:81:bb:19:43:64:23:2a:8e:72:47:a7:b9:1c:40:81:b4:a2:d2:69:4c:58:68:6b:12:fb:98:86
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7f:1b:60:8d:4c:2d:28:49:3a:68:de:6a:47:7a:7d:51:f8:98:7a:08:84:14:23:c3:62:ac:7c:01:d7:1e:4d:f7
Signer

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

60:56:27:08:9c:e6:58:cf:82:e4:8d:04
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

3a:8e:62:1c:d5:2e:ac:5a:67:ca:6d:02:4f:70:5c:f6:dd:d4:7a:63:66:de:69:91:e5:42:bc:71:65:cc:a4:73
Signer

.text
Size: 577KB - Virtual size: 576KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 28KB - Virtual size: 27KB

.idata
Size: 11KB - Virtual size: 11KB

.detourd
Size: 512B - Virtual size: 284B

.detourc
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 5KB - Virtual size: 4KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate