WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsServicePack
WindowsServicePackBuild
WindowsType
WindowsVersion
Overview
overview
10Static
static
3efa8c87419...18.exe
windows7-x64
10efa8c87419...18.exe
windows10-2004-x64
10$PLUGINSDI...on.dll
windows7-x64
3$PLUGINSDI...on.dll
windows10-2004-x64
3$PLUGINSDIR/LogEx.dll
windows7-x64
3$PLUGINSDIR/LogEx.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3i386/SSCbF...f3.dll
windows7-x64
10i386/SSCbF...f3.dll
windows10-2004-x64
10i386/SSCbF...r3.dll
windows7-x64
3i386/SSCbF...r3.dll
windows10-2004-x64
3i386/sscbfs3.sys
windows7-x64
1i386/sscbfs3.sys
windows10-2004-x64
1wow64sup.exe
windows7-x64
wow64sup.exe
windows10-2004-x64
x64/SSCbFsMntNtf3.dll
windows7-x64
10x64/SSCbFsMntNtf3.dll
windows10-2004-x64
10x64/SSCbFsNetRdr3.dll
windows7-x64
1x64/SSCbFsNetRdr3.dll
windows10-2004-x64
1x64/sscbfs3.sys
windows7-x64
1x64/sscbfs3.sys
windows10-2004-x64
1$PLUGINSDI...st.dll
windows7-x64
3$PLUGINSDI...st.dll
windows10-2004-x64
3Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
efa8c874193d8e6d16c1a27affd58d6d_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
efa8c874193d8e6d16c1a27affd58d6d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LogEx.dll
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LogEx.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240910-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral13
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral14
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral15
Sample
i386/SSCbFsMntNtf3.dll
Resource
win7-20240903-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral16
Sample
i386/SSCbFsMntNtf3.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral17
Sample
i386/SSCbFsNetRdr3.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral18
Sample
i386/SSCbFsNetRdr3.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral19
Sample
i386/sscbfs3.sys
Resource
win7-20240704-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
i386/sscbfs3.sys
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
wow64sup.exe
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral22
Sample
wow64sup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral23
Sample
x64/SSCbFsMntNtf3.dll
Resource
win7-20240903-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral24
Sample
x64/SSCbFsMntNtf3.dll
Resource
win10v2004-20240910-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral25
Sample
x64/SSCbFsNetRdr3.dll
Resource
win7-20240708-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral26
Sample
x64/SSCbFsNetRdr3.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral27
Sample
x64/sscbfs3.sys
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral28
Sample
x64/sscbfs3.sys
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral29
Sample
$PLUGINSDIR/cbfsinst.dll
Resource
win7-20240729-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral30
Sample
$PLUGINSDIR/cbfsinst.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
efa8c874193d8e6d16c1a27affd58d6d_JaffaCakes118
-
Size
792KB
-
MD5
efa8c874193d8e6d16c1a27affd58d6d
-
SHA1
e765584a08fa4dc17b17e258beb3534e460c02f8
-
SHA256
5c42ee9854d6566d3138fe23cb9c973e74444baecb10fcfd80e772e6dc1c47f0
-
SHA512
bd78b0e1ea423d07a2c3115b006c0a5d21b1f9d9f67cbe32f62d885cd729c31ccfdd58678ede1fdf1ca429853e37c9adb392bcc60f3875aa0c7c2b2ef9b10634
-
SSDEEP
24576:MDP5SFcKooa5pyg/ALvrFRU89yPxID2Tt:RoCg/+o89yZID2x
Score
3/10
Malware Config
Signatures
-
Unsigned PE 8 IoCs
Checks for missing Authenticode signature.
resource efa8c874193d8e6d16c1a27affd58d6d_JaffaCakes118 unpack001/$PLUGINSDIR/GetVersion.dll unpack001/$PLUGINSDIR/LogEx.dll unpack001/$PLUGINSDIR/Processes.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/UAC.dll unpack001/$PLUGINSDIR/UserInfo.dll unpack001/$PLUGINSDIR/cbfsinst.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
efa8c874193d8e6d16c1a27affd58d6d_JaffaCakes118.exe windows:4 windows x86 arch:x86
099c0646ea7282d232219f8807883be0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/GetVersion.dll.dll windows:4 windows x86 arch:x86
0125039a427c6f95b3acc9227413ece5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleA
lstrcatA
lstrcmpiA
GetVersionExA
GlobalAlloc
GetSystemInfo
GetProcAddress
lstrcpynA
user32
GetSystemMetrics
wsprintfA
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
Exports
Exports
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/LogEx.dll.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/Processes.dll.dll windows:4 windows x86 arch:x86
f5edecae12589e705677a6e272ad0394
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo
user32
FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow
Exports
Exports
FindDevice
FindProcess
KillProcess
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UAC.dll.dll windows:4 windows x86 arch:x86
70dd3dc09a6a9df40b2eeb3eb051c3ff
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
LoadLibraryA
FreeLibrary
lstrcatA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiA
lstrcpyA
GetVersionExA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA
user32
EnableWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
SendMessageTimeoutA
DefWindowProcA
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
PostMessageA
IsWindow
ShowWindow
SetWindowTextA
wsprintfA
GetDlgItem
LoadStringA
SendMessageA
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
shell32
ShellExecuteExA
ole32
CoInitialize
CoUninitialize
Exports
Exports
Exec
ExecCodeSegment
ExecWait
GetElevationType
IsAdmin
RunElevated
ShellExec
ShellExecWait
SupportsUAC
Unload
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 820B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UserInfo.dll.dll windows:4 windows x86 arch:x86
afa8e526425f3585465337467d0b5909
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc
advapi32
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken
Exports
Exports
GetAccountType
GetName
GetOriginalAccountType
Sections
.text Size: 1024B - Virtual size: 741B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 673B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 190B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/cbfs.cab.cab
-
cbfs.cat
-
i386/SSCbFsMntNtf3.dll.dll regsvr32 windows:5 windows x86 arch:x86
7ca12c2266a8c80353774ba08c8b6107
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
73:d0:38:df:1c:fe:a3:3c:16:6f:e7:e6:f2:96:e0:c6Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28-03-2012 00:00Not After28-03-2015 23:59SubjectCN=SugarSync\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SugarSync\, Inc.,L=San Mateo,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:19:93:e4:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22-02-2011 19:25Not After22-02-2021 19:35SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
51:49:d0:67:50:a9:9f:32:56:08:2d:a9:06:c4:5f:02:4d:27:0e:48Signer
Actual PE Digest51:49:d0:67:50:a9:9f:32:56:08:2d:a9:06:c4:5f:02:4d:27:0e:48Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\quickbuild_agent\mmorford_win-build1_3460\mmorford_win-build1_3460\third_party_source\cbfs\ss-cbfs-3.2.115\SSBuildSource\CBFS\umode\MntNtf\Release\SSCbFsMntNtf3.pdb
Imports
kernel32
GetThreadLocale
SetEvent
GetCurrentProcess
CreateMailslotW
GetOverlappedResult
WaitForMultipleObjects
ResetEvent
CreateEventW
DisableThreadLibraryCalls
Sleep
GetCurrentThread
CopyFileW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
SetThreadLocale
GetVersionExW
DeviceIoControl
GetCurrentThreadId
InterlockedExchange
CreateThread
TlsAlloc
TlsSetValue
TlsGetValue
WriteConsoleW
SetStdHandle
LoadLibraryExW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryW
GetModuleFileNameW
GetSystemWow64DirectoryW
WaitForSingleObject
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
CreateFileW
GetTempPathW
GetTempFileNameW
ReadFile
WriteFile
CloseHandle
SizeofResource
DeleteFileW
GetSystemWindowsDirectoryW
SetLastError
GetLastError
LoadLibraryW
FreeLibrary
lstrlenW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
LCMapStringW
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
GetStdHandle
ExitProcess
HeapCreate
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
ExitThread
DecodePointer
EncodePointer
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FlushFileBuffers
user32
CharNextW
advapi32
LsaNtStatusToWinError
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumValueW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
shell32
ord192
SHGetIconOverlayIndexW
ole32
CoCreateGuid
StringFromCLSID
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
oleaut32
LoadTypeLi
RegisterTypeLi
SysStringLen
SysFreeString
VarUI4FromStr
LoadRegTypeLi
SysAllocString
UnRegisterTypeLi
shlwapi
StrStrIW
SHDeleteEmptyKeyW
SHDeleteKeyW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wtsapi32
WTSWaitSystemEvent
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
InstallIcon
ResetIcon
SetIcon
UninstallIcon
Sections
.text Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
i386/SSCbFsNetRdr3.dll.dll windows:5 windows x86 arch:x86
3995bd879e81031a87f95198406bc946
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
73:d0:38:df:1c:fe:a3:3c:16:6f:e7:e6:f2:96:e0:c6Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28-03-2012 00:00Not After28-03-2015 23:59SubjectCN=SugarSync\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SugarSync\, Inc.,L=San Mateo,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:19:93:e4:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22-02-2011 19:25Not After22-02-2021 19:35SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
57:4d:37:06:fc:5d:71:22:cb:dc:bd:b3:8b:5c:09:4a:5e:37:50:71Signer
Actual PE Digest57:4d:37:06:fc:5d:71:22:cb:dc:bd:b3:8b:5c:09:4a:5e:37:50:71Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\quickbuild_agent\mmorford_win-build1_3460\mmorford_win-build1_3460\third_party_source\cbfs\ss-cbfs-3.2.115\SSBuildSource\CBFS\umode\NetRdr\Release\VSNetRdr.pdb
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
MoveFileExW
DeleteFileW
GetFileInformationByHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetVersionExW
InitializeCriticalSection
InterlockedExchange
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
SetEvent
DeviceIoControl
GetLogicalDrives
LocalFree
CreateThread
CreateEventW
GetComputerNameW
SetFileAttributesW
CopyFileW
GetCurrentThread
lstrlenW
lstrcpyW
lstrcatW
Sleep
GetCurrentProcess
GetModuleFileNameW
FindFirstFileW
FindNextFileW
CreateFileW
WriteFile
MultiByteToWideChar
CreateMailslotW
WaitForSingleObject
ReadFile
GetExitCodeProcess
CloseHandle
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetProcAddress
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFullPathNameW
GetLastError
SetLastError
GetSystemDirectoryW
RtlUnwind
HeapSize
SetStdHandle
SetFilePointer
WaitForMultipleObjects
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
HeapAlloc
WriteConsoleW
GetFileType
GetStdHandle
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
HeapCreate
HeapDestroy
EncodePointer
SetConsoleCtrlHandler
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
advapi32
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
LsaNtStatusToWinError
CreateServiceW
InitiateSystemShutdownW
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupPrivilegeNameW
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenThreadToken
OpenProcessToken
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
DeleteService
CloseServiceHandle
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
shell32
SHFileOperationW
ole32
StringFromGUID2
setupapi
SetupDiGetINFClassW
SetupIterateCabinetW
SetupGetSourceFileLocationW
SetupGetSourceInfoW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupGetIntField
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextLine
SetupCloseInfFile
netapi32
NetShareAdd
NetShareDel
Exports
Exports
DllInstall
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetConnectionPerformance
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPOpenEnum
Sections
.text Size: 143KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
i386/sscbfs3.sys.sys windows:6 windows x86 arch:x86
664948a6e3f45c9b01cd1a16a56f24c9
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
73:d0:38:df:1c:fe:a3:3c:16:6f:e7:e6:f2:96:e0:c6Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28-03-2012 00:00Not After28-03-2015 23:59SubjectCN=SugarSync\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SugarSync\, Inc.,L=San Mateo,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:19:93:e4:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22-02-2011 19:25Not After22-02-2021 19:35SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
60:dc:75:70:fb:6a:d1:2c:6e:77:e3:33:4d:96:82:57:b3:de:c7:6fSigner
Actual PE Digest60:dc:75:70:fb:6a:d1:2c:6e:77:e3:33:4d:96:82:57:b3:de:c7:6fDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\users\quickb~1\mmorfo~1\mmorfo~1\third_~1\cbfs\ss-cbf~1.115\ssbuil~1\cbfs\bin\wxp\fre\i386\sscbfs3.pdb
Imports
ntoskrnl.exe
ZwClose
RtlCompareUnicodeString
RtlInitUnicodeString
KeDelayExecutionThread
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
memset
ExFreePoolWithTag
PsGetCurrentProcessId
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
IoQueueWorkItem
ObfReferenceObject
IoAllocateWorkItem
IoFreeIrp
KeWaitForSingleObject
IoGetCurrentProcess
_alldiv
ZwQueryValueKey
ZwOpenKey
MmGetSystemRoutineAddress
ExDeletePagedLookasideList
ExDeleteNPagedLookasideList
ExDeleteResourceLite
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterFileSystem
IoCreateSymbolicLink
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializeResourceLite
KeBugCheck
MmQuerySystemSize
KeInitializeTimer
KeInitializeDpc
IoCreateDevice
PsGetVersion
IoUnregisterFileSystem
KeSetTimer
KeCancelTimer
IofCompleteRequest
KeBugCheckEx
FsRtlIsNtstatusExpected
KeSetEvent
FsRtlNotifyFullReportChange
IoRaiseInformationalHardError
IoIsSystemThread
FsRtlIsTotalDeviceFailure
IoRaiseHardError
IoSetDeviceToVerify
IoGetDeviceToVerify
IoGetTopLevelIrp
IoSetTopLevelIrp
IoFreeMdl
MmProbeAndLockPages
ExRaiseStatus
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ExAcquireResourceSharedLite
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ExFreeToPagedLookasideList
ExAllocateFromPagedLookasideList
CcSetFileSizes
memcpy
FsRtlTeardownPerStreamContexts
PsGetProcessId
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlEnumerateGenericTableWithoutSplaying
FsRtlUninitializeFileLock
FsRtlUninitializeOplock
FsRtlInitializeOplock
FsRtlInitializeFileLock
PsTerminateSystemThread
FsRtlNotifyUninitializeSync
ObReferenceObjectByHandle
PsCreateSystemThread
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
FsRtlNotifyInitializeSync
IoCreateStreamFileObject
IoFreeWorkItem
FsRtlNormalizeNtstatus
IoSetHardErrorOrVerifyDevice
IoVerifyVolume
FsRtlOplockIsFastIoPossible
ExfInterlockedAddUlong
ExGetExclusiveWaiterCount
ExGetSharedWaiterCount
SeSinglePrivilegeCheck
KeQuerySystemTime
IoRemoveShareAccess
IoSetShareAccess
IoCheckShareAccess
CcIsThereDirtyData
CcPurgeCacheSection
MmCanFileBeTruncated
IoUpdateShareAccess
CcFlushCache
MmFlushImageSection
FsRtlCheckOplock
FsRtlCurrentBatchOplock
FsRtlDoesNameContainWildCards
memmove
FsRtlNotifyVolumeEvent
CcUninitializeCacheMap
MmForceSectionClosed
ExReleaseResourceForThreadLite
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
MmUnlockPages
CcWaitForCurrentLazyWriterActivity
IoFileObjectType
RtlCompareMemory
IofCallDriver
IoBuildAsynchronousFsdRequest
FsRtlOplockFsctrl
ExIsResourceAcquiredExclusiveLite
IoIsOperationSynchronous
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
RtlDelete
RtlSplay
CcInitializeCacheMap
ExConvertExclusiveToSharedLite
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
FsRtlAreNamesEqual
CcMdlReadComplete
CcMdlWriteComplete
IoGetStackLimits
CcMdlRead
CcCopyRead
CcSetReadAheadGranularity
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
RtlAppendUnicodeStringToString
ObQueryNameString
CcPrepareMdlWrite
CcCopyWrite
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
CcDeferWrite
CcCanIWrite
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
FsRtlCopyRead
FsRtlCopyWrite
FsRtlPrivateLock
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlProcessFileLock
IoBuildSynchronousFsdRequest
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
MmSystemRangeStart
IoAttachDeviceToDeviceStack
IoDetachDevice
PsGetCurrentThreadId
IoRegisterFsRegistrationChange
_allmul
KeFlushQueuedDpcs
_allrem
KeTickCount
ObfDereferenceObject
ExAllocatePoolWithTag
swprintf
KeGetCurrentThread
ExQueueWorkItem
KeInitializeEvent
RtlUnwind
_vsnwprintf
DbgPrint
IoGetDeviceObjectPointer
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateValueKey
ZwCreateKey
RtlAppendUnicodeToString
_vsnprintf
SeReleaseSubjectContext
SeQueryAuthenticationIdToken
SeCaptureSubjectContext
PsDereferencePrimaryToken
PsReferencePrimaryToken
ZwQueryInformationProcess
ObOpenObjectByPointer
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeUnstackDetachProcess
KeStackAttachProcess
ZwOpenFile
PsLookupProcessByProcessId
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
strrchr
RtlGetElementGenericTable
RtlNumberGenericTableElements
FsRtlDissectName
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
IoAllocateIrp
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
IoGetDiskDeviceObject
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
PoSetPowerState
KeClearEvent
PoCallDriver
PoStartNextPowerIrp
RtlFindClearBitsAndSet
RtlClearBit
IoInvalidateDeviceRelations
IoOpenDeviceRegistryKey
FsRtlLegalAnsiCharacterArray
ExEventObjectType
IoThreadToProcess
IoGetRelatedDeviceObject
_aullshr
ZwCreateEvent
ZwOpenDirectoryObject
ZwWriteFile
ZwFsControlFile
ProbeForRead
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
_snwprintf
KeReleaseSemaphore
KeResetEvent
KeWaitForMultipleObjects
KeInitializeSemaphore
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
hal
KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sscbfs.inf
-
wow64sup.exe.exe windows:5 windows x64 arch:x64
a8987e5e0c43043e1d82c7bb94553e09
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
73:d0:38:df:1c:fe:a3:3c:16:6f:e7:e6:f2:96:e0:c6Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28-03-2012 00:00Not After28-03-2015 23:59SubjectCN=SugarSync\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SugarSync\, Inc.,L=San Mateo,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:19:93:e4:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22-02-2011 19:25Not After22-02-2021 19:35SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
39:17:aa:e3:d5:dd:2e:13:c9:cf:52:07:8d:fd:47:75:70:32:a8:c5Signer
Actual PE Digest39:17:aa:e3:d5:dd:2e:13:c9:cf:52:07:8d:fd:47:75:70:32:a8:c5Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\quickbuild_agent\mmorford_win-build1_3460\mmorford_win-build1_3460\third_party_source\cbfs\ss-cbfs-3.2.115\SSBuildSource\CBFS\umode\wow64sup\x64\Release\wow64sup.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
FreeLibrary
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
MultiByteToWideChar
CreateMailslotW
GetProcAddress
FindNextFileW
GetWindowsDirectoryW
MoveFileExW
GetCurrentProcess
CopyFileW
GetVersionExW
GetFileAttributesW
lstrlenW
lstrcatW
FindFirstFileW
lstrcpyW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
GetFullPathNameW
DeleteFileW
CloseHandle
GetCurrentThreadId
CreatePipe
DeviceIoControl
SetLastError
GetLastError
GetTempPathW
HeapSize
CreateFileW
ReadFile
GetExitCodeProcess
Sleep
WriteFile
GetCurrentThread
WaitForSingleObject
SetHandleInformation
CreateDirectoryW
CreateProcessW
GetTempFileNameW
HeapReAlloc
GetStringTypeW
LCMapStringW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwindEx
GetModuleFileNameW
ExitProcess
HeapCreate
GetVersion
HeapSetInformation
DecodePointer
FlsAlloc
FlsFree
HeapFree
HeapAlloc
GetCommandLineW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
advapi32
GetTokenInformation
QueryServiceConfigW
ControlService
FreeSid
AllocateAndInitializeSid
QueryServiceStatus
StartServiceW
EqualSid
OpenServiceW
OpenSCManagerW
OpenThreadToken
DeleteService
OpenProcessToken
CloseServiceHandle
CreateServiceW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
shell32
SHFileOperationW
setupapi
SetupGetSourceInfoW
SetupFindNextLine
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetActualSectionToInstallW
SetupDiGetClassDevsW
SetupIterateCabinetW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
SetupGetStringFieldW
SetupGetSourceFileLocationW
SetupGetIntField
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupCloseInfFile
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupOpenInfFileW
SetupFindFirstLineW
Sections
.text Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 754B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/SSCbFsMntNtf3.dll.dll regsvr32 windows:5 windows x64 arch:x64
3abdce4849b9310c49e753bf4086c3d4
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
73:d0:38:df:1c:fe:a3:3c:16:6f:e7:e6:f2:96:e0:c6Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28-03-2012 00:00Not After28-03-2015 23:59SubjectCN=SugarSync\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SugarSync\, Inc.,L=San Mateo,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:19:93:e4:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22-02-2011 19:25Not After22-02-2021 19:35SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
8f:35:86:bd:c6:b9:26:f5:2e:e4:d0:a8:4f:a6:37:f1:d6:a6:69:17Signer
Actual PE Digest8f:35:86:bd:c6:b9:26:f5:2e:e4:d0:a8:4f:a6:37:f1:d6:a6:69:17Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentProcess
CreateMailslotW
GetOverlappedResult
WaitForMultipleObjects
ResetEvent
CreateEventW
DisableThreadLibraryCalls
Sleep
GetCurrentThread
CopyFileW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
SetEvent
GetVersionExW
DeviceIoControl
GetCurrentThreadId
CreateThread
WriteConsoleW
SetStdHandle
GetThreadLocale
SetThreadLocale
LoadLibraryExW
MultiByteToWideChar
GetSystemDirectoryW
GetModuleFileNameW
GetSystemWow64DirectoryW
WaitForSingleObject
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
CreateFileW
GetTempPathW
GetTempFileNameW
ReadFile
WriteFile
CloseHandle
DeleteFileW
GetSystemWindowsDirectoryW
SetLastError
GetLastError
LoadLibraryW
FreeLibrary
SizeofResource
lstrlenW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
LCMapStringW
FlsAlloc
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
ExitProcess
HeapCreate
GetVersion
HeapSetInformation
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
FlsSetValue
ExitThread
DecodePointer
EncodePointer
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FlushFileBuffers
user32
CharNextW
advapi32
LsaNtStatusToWinError
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumValueW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
shell32
ord192
SHGetIconOverlayIndexW
ole32
CoCreateGuid
StringFromCLSID
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
oleaut32
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
shlwapi
StrStrIW
SHDeleteEmptyKeyW
SHDeleteKeyW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wtsapi32
WTSWaitSystemEvent
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
InstallIcon
ResetIcon
SetIcon
UninstallIcon
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/SSCbFsNetRdr3.dll.dll windows:5 windows x64 arch:x64
7cb317167b17905ff1037fb09ff01dc7
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
73:d0:38:df:1c:fe:a3:3c:16:6f:e7:e6:f2:96:e0:c6Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28-03-2012 00:00Not After28-03-2015 23:59SubjectCN=SugarSync\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SugarSync\, Inc.,L=San Mateo,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:19:93:e4:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22-02-2011 19:25Not After22-02-2021 19:35SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:1b:86:5d:92:27:3e:43:26:17:28:7f:a1:50:c8:02:a0:af:89:25Signer
Actual PE Digest05:1b:86:5d:92:27:3e:43:26:17:28:7f:a1:50:c8:02:a0:af:89:25Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
MoveFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetVersionExW
GetFileAttributesW
EnterCriticalSection
DeviceIoControl
LocalFree
GetComputerNameW
SetFileAttributesW
CopyFileW
GetCurrentProcess
lstrlenW
lstrcpyW
lstrcatW
Sleep
GetModuleFileNameW
CreateFileW
WriteFile
MultiByteToWideChar
CloseHandle
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetWindowsDirectoryW
GetLastError
SetLastError
GetSystemDirectoryW
HeapReAlloc
HeapSize
SetFilePointer
SetStdHandle
LeaveCriticalSection
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
RtlUnwindEx
FlsAlloc
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
HeapAlloc
WriteConsoleW
GetFileType
GetStdHandle
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ExitProcess
DecodePointer
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
EncodePointer
GetCPInfo
GetACP
advapi32
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LsaNtStatusToWinError
GetTokenInformation
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
QueryServiceConfigW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ole32
StringFromGUID2
netapi32
NetShareAdd
NetShareDel
Exports
Exports
DllInstall
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetConnectionPerformance
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPOpenEnum
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 844B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/sscbfs3.sys.sys windows:6 windows x64 arch:x64
5b2f318dc221da347d4c0df248470387
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
73:d0:38:df:1c:fe:a3:3c:16:6f:e7:e6:f2:96:e0:c6Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before28-03-2012 00:00Not After28-03-2015 23:59SubjectCN=SugarSync\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SugarSync\, Inc.,L=San Mateo,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:19:93:e4:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22-02-2011 19:25Not After22-02-2021 19:35SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2a:76:14:ee:46:64:bc:82:f2:eb:fc:35:ad:be:fe:41:9e:0a:95:4fSigner
Actual PE Digest2a:76:14:ee:46:64:bc:82:f2:eb:fc:35:ad:be:fe:41:9e:0a:95:4fDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\users\quickb~1\mmorfo~1\mmorfo~1\third_~1\cbfs\ss-cbf~1.115\ssbuil~1\cbfs\bin\wnet\fre\amd64\sscbfs3.pdb
Imports
ntoskrnl.exe
ExAcquireResourceExclusiveLite
ExAllocatePoolWithTag
ExReleaseFastMutexUnsafe
ExFreePoolWithTag
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
RtlInitUnicodeString
swprintf
IoFreeWorkItem
KeInitializeEvent
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
KeDelayExecutionThread
IoGetCurrentProcess
IoAllocateWorkItem
ExReleaseResourceLite
ZwClose
KeWaitForSingleObject
IoFreeIrp
RtlCompareUnicodeString
ObfReferenceObject
PsGetCurrentProcessId
ObfDereferenceObject
IoQueueWorkItem
IoUnregisterFileSystem
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
InitializeSListHead
IoRegisterFileSystem
IoDeleteDevice
MmGetSystemRoutineAddress
KeInitializeDpc
KeInitializeTimer
ExDeletePagedLookasideList
ZwQueryValueKey
MmQuerySystemSize
KeBugCheck
KeSetTimer
PsGetVersion
ExDeleteResourceLite
IoCreateSymbolicLink
ExInitializePagedLookasideList
IoCreateDevice
ExInitializeResourceLite
KeCancelTimer
ExDeleteNPagedLookasideList
ZwOpenKey
ExRaiseStatus
IoSetDeviceToVerify
KeSetEvent
IoRaiseInformationalHardError
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceToVerify
IofCompleteRequest
FsRtlIsTotalDeviceFailure
IoSetTopLevelIrp
KeBugCheckEx
IoRaiseHardError
MmProbeAndLockPages
IoGetTopLevelIrp
FsRtlIsNtstatusExpected
FsRtlNotifyFullReportChange
IoIsSystemThread
IoAllocateMdl
ExAcquireResourceSharedLite
CcSetFileSizes
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
IoAcquireVpbSpinLock
FsRtlNotifyUninitializeSync
RtlDeleteElementGenericTable
PsCreateSystemThread
IoCreateStreamFileObject
FsRtlTeardownPerStreamContexts
PsTerminateSystemThread
RtlLookupElementGenericTable
FsRtlInitializeFileLock
ObReferenceObjectByHandle
FsRtlInitializeOplock
RtlEnumerateGenericTableWithoutSplaying
PsGetProcessId
FsRtlNotifyInitializeSync
FsRtlUninitializeFileLock
IoReleaseVpbSpinLock
RtlInitializeGenericTable
FsRtlUninitializeOplock
RtlInsertElementGenericTable
ExQueueWorkItem
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoSetHardErrorOrVerifyDevice
FsRtlNormalizeNtstatus
IoVerifyVolume
FsRtlOplockIsFastIoPossible
ExInterlockedAddUlong
ExGetSharedWaiterCount
ExGetExclusiveWaiterCount
SeSinglePrivilegeCheck
IoUpdateShareAccess
MmFlushImageSection
IoRemoveShareAccess
CcPurgeCacheSection
CcFlushCache
FsRtlCheckOplock
CcIsThereDirtyData
IoCheckShareAccess
MmCanFileBeTruncated
FsRtlDoesNameContainWildCards
IoSetShareAccess
FsRtlCurrentBatchOplock
FsRtlNotifyCleanup
IoGetRequestorProcess
ExReleaseResourceForThreadLite
CcUninitializeCacheMap
FsRtlNotifyVolumeEvent
FsRtlNotifyFullChangeDirectory
FsRtlFastUnlockAll
MmForceSectionClosed
FsRtlOplockFsctrl
CcWaitForCurrentLazyWriterActivity
IoIsOperationSynchronous
IoIs32bitProcess
ExIsResourceAcquiredExclusiveLite
IoFileObjectType
IoBuildAsynchronousFsdRequest
RtlCompareMemory
MmUnlockPages
IofCallDriver
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
RtlDelete
RtlSplay
ExIsResourceAcquiredSharedLite
ExConvertExclusiveToSharedLite
ExLocalTimeToSystemTime
CcInitializeCacheMap
FsRtlAreNamesEqual
CcMdlWriteComplete
CcMdlReadComplete
IoGetStackLimits
CcMdlRead
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcCopyRead
CcSetReadAheadGranularity
CcPrepareMdlWrite
CcDeferWrite
CcCopyWrite
CcCanIWrite
ObQueryNameString
RtlAppendUnicodeStringToString
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
FsRtlFastUnlockSingle
FsRtlCopyRead
FsRtlFastCheckLockForRead
FsRtlCopyWrite
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAllByKey
FsRtlPrivateLock
FsRtlProcessFileLock
IoBuildSynchronousFsdRequest
MmSystemRangeStart
RtlValidRelativeSecurityDescriptor
RtlLengthSecurityDescriptor
IoDetachDevice
IoAttachDeviceToDeviceStack
PsGetCurrentThreadId
IoRegisterFsRegistrationChange
KeFlushQueuedDpcs
ZwCreateKey
RtlAppendUnicodeToString
ZwDeleteValueKey
ZwSetValueKey
IoGetDeviceObjectPointer
_vsnwprintf
ZwEnumerateValueKey
DbgPrint
IoWriteErrorLogEntry
PsLookupProcessByProcessId
ZwQuerySymbolicLinkObject
PsReferencePrimaryToken
ZwOpenSymbolicLinkObject
KeUnstackDetachProcess
IoAllocateErrorLogEntry
SeReleaseSubjectContext
SeCaptureSubjectContext
_vsnprintf
strrchr
ZwQueryInformationProcess
ZwOpenFile
ObOpenObjectByPointer
KeStackAttachProcess
SeQueryAuthenticationIdToken
PsDereferencePrimaryToken
RtlNumberGenericTableElements
RtlGetElementGenericTable
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
FsRtlDissectName
IoThreadToProcess
KeClearEvent
ZwCreateEvent
FsRtlLegalAnsiCharacterArray
IoGetRelatedDeviceObject
PoSetPowerState
ExEventObjectType
PoStartNextPowerIrp
IoAllocateIrp
IoOpenDeviceRegistryKey
FsRtlDeregisterUncProvider
FsRtlRegisterUncProvider
FsRtlInsertPerStreamContext
IoGetDiskDeviceObject
FsRtlLookupPerStreamContextInternal
IoInvalidateDeviceRelations
RtlSetBits
RtlInitializeBitMap
RtlClearAllBits
RtlFindClearBitsAndSet
PoCallDriver
RtlClearBit
ZwFsControlFile
ZwOpenDirectoryObject
ZwWriteFile
ProbeForRead
KeResetEvent
_snwprintf
RtlSetDaclSecurityDescriptor
ZwMapViewOfSection
ZwUnmapViewOfSection
KeInitializeSemaphore
KeReleaseSemaphore
ZwCreateSection
KeWaitForMultipleObjects
RtlCreateSecurityDescriptor
__C_specific_handler
_local_unwind
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/cbfsinst.dll.dll windows:5 windows x86 arch:x86
76fdedcf68fb77da5182488defab9d12
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\quickbuild_agent\mmorford_win-build1_3460\mmorford_win-build1_3460\third_party_source\cbfs\ss-cbfs-3.2.115\SSBuildSource\CBFS\Install\Release\cbfsinst.pdb
Imports
kernel32
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
InterlockedDecrement
TlsSetValue
GetFullPathNameW
FindFirstFileW
GetModuleHandleW
GetSystemDirectoryW
CreateMailslotW
FindNextFileW
GetWindowsDirectoryW
MoveFileExW
CopyFileW
GetVersionExW
GetFileAttributesW
lstrcatW
lstrcpyW
SetFileAttributesW
HeapReAlloc
RtlUnwind
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
DeleteFileW
CloseHandle
GetCurrentThreadId
CreatePipe
DeviceIoControl
GetTempFileNameW
SetLastError
GetLastError
GetTempPathW
CreateFileW
ReadFile
GetExitCodeProcess
Sleep
WriteFile
GetCurrentThread
WaitForSingleObject
SetHandleInformation
CreateDirectoryW
CreateProcessW
TlsAlloc
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsProcessorFeaturePresent
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
TlsFree
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
HeapFree
HeapAlloc
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
HeapSize
advapi32
RegDeleteValueW
QueryServiceConfigW
ControlService
QueryServiceStatus
StartServiceW
EqualSid
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
FreeSid
RegEnumValueW
AllocateAndInitializeSid
RegOpenKeyW
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegDeleteKeyW
shell32
SHFileOperationW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
setupapi
SetupGetSourceInfoW
SetupFindNextLine
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetActualSectionToInstallW
SetupDiGetClassDevsW
SetupIterateCabinetW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
SetupGetStringFieldW
SetupGetSourceFileLocationW
SetupGetIntField
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupCloseInfFile
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupOpenInfFileW
SetupFindFirstLineW
SetupDiGetDeviceRegistryPropertyW
Exports
Exports
GetModuleStatusA
GetModuleStatusW
InstallA
InstallIconA
InstallIconW
InstallW
UninstallA
UninstallIconA
UninstallIconW
UninstallW
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ