P-530RUP[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

P-530RUP.rar
Size

21.5MB
MD5

0170dbf0af22739abca8e1f70cb44d74
SHA1

164b501d933d6037ffb4829ad9f051623a398ce0
SHA256

d65fb94a11803ea2f26ac8afd02a89d72a1f4c8e9a5d73dc2b9a2faea5e4491b
SHA512

cca1ef1efb0e87eb63556a6d58e68efc1c1478d9ef779645ad6e6cee5792adbb137439fca7a11fd9f9eb686b9dc4f49b8fbfdf9a3a2c4b4c599261eeec816536
SSDEEP

393216:WNxnvO5FwmrMp+LRBGJzQVHI0ySHYiw4zbMlxEBcuScQ2HSu9jDNnsmPougFBk:WNx2HwyL/GZQe0y4YQiQcuSGBnx

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/Revo Uninstaller Pro 5.3.0/App/Revo/Revo Uninstaller Pro Help.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Revo Uninstaller Pro 5.3.0/Revo Uninstaller Pro.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UAC.dll
unpack003/$PLUGINSDIR/execDos.dll
unpack003/$PLUGINSDIR/newadvsplash.dll
unpack003/$PLUGINSDIR/newtextreplace.dll
unpack003/$PLUGINSDIR/nsExec.dll
unpack003/$PLUGINSDIR/registry.dll

One or more email addresses in PDF identified
Detects presence of email addresses in PDF files.
pdf

Files

P-530RUP.rar
.rar
Revo Uninstaller Pro 5.3.0/App/AppInfo/Launcher/Revo Uninstaller Pro.ini
Revo Uninstaller Pro 5.3.0/App/AppInfo/appicon.ico
Revo Uninstaller Pro 5.3.0/App/AppInfo/appinfo.ini
Revo Uninstaller Pro 5.3.0/App/Revo/Data/DESKTOP-B1HNFU2_FC Portables_3417381818-136020269-3899423305-1002/RUPBackUpData.ini
Revo Uninstaller Pro 5.3.0/App/Revo/Data/DESKTOP-B1HNFU2_FC Portables_3417381818-136020269-3899423305-1002/RUPHistoryData.ini
Revo Uninstaller Pro 5.3.0/App/Revo/Data/DESKTOP-B1HNFU2_FC Portables_3417381818-136020269-3899423305-1002/data/cachedata.dat
Revo Uninstaller Pro 5.3.0/App/Revo/Data/DESKTOP-B1HNFU2_FC Portables_3417381818-136020269-3899423305-1002/logFile.vslog
Revo Uninstaller Pro 5.3.0/App/Revo/LicenseAgreement.txt
Revo Uninstaller Pro 5.3.0/App/Revo/RUExt.dll
.dll regsvr32 windows:6 windows x64 arch:x64

076ff39e31683654654de3817055b22f

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:16:4c:8a:90:bc:3d:bb:89:c4:ac:fb:60:70:93:58:16:b5:af:7a:0c:bb:4a:3b:94:5e:dd:41:12:bc:2d:07
Signer

Actual PE Digest

c6:16:4c:8a:90:bc:3d:bb:89:c4:ac:fb:60:70:93:58:16:b5:af:7a:0c:bb:4a:3b:94:5e:dd:41:12:bc:2d:07

Digest Algorithm

sha256

PE Digest Matches

true

59:0b:ce:61:0b:09:6a:6e:2c:28:4c:d9:b3:35:c7:df:7d:bd:7f:cb
Signer

Actual PE Digest

59:0b:ce:61:0b:09:6a:6e:2c:28:4c:d9:b3:35:c7:df:7d:bd:7f:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Work\VSRevo\Windows\Projects\RUExt\build\x64\Release\RUExt\RUExt.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetVersion
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
SetThreadLocale
GlobalLock
GlobalUnlock
lstrcpyW
lstrlenW
WideCharToMultiByte
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
FreeEnvironmentStringsW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetProcAddress
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError
GetThreadLocale
OutputDebugStringA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
CreateFileW
LCMapStringW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetACP
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedFlushSList
ExitProcess
GetModuleFileNameA
GetStringTypeW

user32

LoadIconW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
CharNextW
InsertMenuW
SetMenuItemBitmaps
GetDC

gdi32

CreateDIBSection
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
DragQueryFileW
SHGetMalloc

ole32

CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

msi

ord217
ord173

shlwapi

PathRemoveFileSpecW
PathIsDirectoryW
PathFindExtensionW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/Revo Uninstaller Pro Help.pdf
.pdf
- http://revouninstaller.com
- http://www.revouninstaller.com
- http://www.revouninstaller.com/
- https://www.revouninstaller.com/revo-uninstaller-pro-full-version-history/
- mailto:[email protected]
Revo Uninstaller Pro 5.3.0/App/Revo/RevoUPPort.exe
.exe windows:6 windows x86 arch:x86

c09c407823f16fe724e114de86084c8d

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:38:04:39:1f:cc:bd:69:6b:b8:7b:00:2c:33:da:50:99:ec:aa:76:0f:a7:f9:36:de:51:7b:96:69:7b:d8:86
Signer

Actual PE Digest

92:38:04:39:1f:cc:bd:69:6b:b8:7b:00:2c:33:da:50:99:ec:aa:76:0f:a7:f9:36:de:51:7b:96:69:7b:d8:86

Digest Algorithm

sha256

PE Digest Matches

true

08:d2:e7:63:00:22:9d:b0:83:0d:3d:ca:5e:15:6c:6e:c4:d0:c8:c2
Signer

Actual PE Digest

08:d2:e7:63:00:22:9d:b0:83:0d:3d:ca:5e:15:6c:6e:c4:d0:c8:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\VSRevo\Windows\Projects\RevoUninProPort\Release\RevoUPPort.pdb

Imports

shlwapi

PathQuoteSpacesW
PathRemoveFileSpecW

kernel32

HeapFree
CreateFileW
DecodePointer
GetModuleFileNameW
IsWow64Process
GetCurrentProcess
CreateProcessW
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
RaiseException
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/allp_report.dat
Revo Uninstaller Pro 5.3.0/App/Revo/ctrlbars.dat
Revo Uninstaller Pro 5.3.0/App/Revo/lang/Estonian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/albanian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/arabic.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/armenian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/azerbaijani.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/bengali.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/bulgarian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/czech.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/danish.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/dutch.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/english.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/finnish.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/french.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/german.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/gujarati.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/hebrew.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/hellenic.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/hindi.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/hrvatski.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/hungarian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/indonesian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/italiano.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/japanese.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/korean.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/kurdish.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/macedonian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/norwegian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/persian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/polish.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/portuguese.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/portuguese_standard.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/portuguesebrazil.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/romanian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/russian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/serbian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/serbianLatin.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/simplifiedchinese.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/slovak.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/slovenian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/spanish.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/swedish.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/thai.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/traditionalchinese.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/turkish.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/ukrainian.ini
Revo Uninstaller Pro 5.3.0/App/Revo/lang/vietnamese.ini
Revo Uninstaller Pro 5.3.0/App/Revo/license.dat
Revo Uninstaller Pro 5.3.0/App/Revo/rupilogs.rupldb
Revo Uninstaller Pro 5.3.0/App/Revo/settings.ini
Revo Uninstaller Pro 5.3.0/App/Revo/x64/RUExt.dll
.dll regsvr32 windows:6 windows x64 arch:x64

e8380fe624937c4f0223062d30630ef4

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:8c:82:f4:f3:b9:b1:89:9f:f7:ad:d7:72:ea:84:38:02:5d:91:1b:8d:d1:60:6e:ad:8f:c1:8b:7e:7f:31:ac
Signer

Actual PE Digest

7a:8c:82:f4:f3:b9:b1:89:9f:f7:ad:d7:72:ea:84:38:02:5d:91:1b:8d:d1:60:6e:ad:8f:c1:8b:7e:7f:31:ac

Digest Algorithm

sha256

PE Digest Matches

true

a1:aa:4c:74:62:80:8b:76:18:33:e9:fc:35:db:e5:70:67:b0:c1:23
Signer

Actual PE Digest

a1:aa:4c:74:62:80:8b:76:18:33:e9:fc:35:db:e5:70:67:b0:c1:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Work\VSRevo\Windows\Projects\RUExt\build\x64\Release\RUExt\RUExt.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetVersion
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
GetPrivateProfileStringW
SetThreadLocale
GlobalLock
GlobalUnlock
lstrcpyW
lstrlenW
WideCharToMultiByte
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
FreeEnvironmentStringsW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError
GetThreadLocale
OutputDebugStringA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
CreateFileW
LCMapStringW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetACP
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedFlushSList
ExitProcess
GetModuleFileNameA
GetStringTypeW

user32

LoadIconW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
CharNextW
InsertMenuW
SetMenuItemBitmaps
GetDC

gdi32

CreateDIBSection
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteExW
DragQueryFileW
SHGetMalloc

ole32

CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

msi

ord217
ord173

shlwapi

PathRemoveFileSpecW
PathIsDirectoryW
PathFindExtensionW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x64/RevoAppBar.exe
.exe windows:6 windows x64 arch:x64

d628a171ed0532553d466e975d330c62

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:39:d6:d2:9b:dc:42:37:16:85:c4:49:c7:75:2a:fb:dc:40:a0:46:ce:cf:24:47:e9:7d:43:e7:c5:26:11:96
Signer

Actual PE Digest

0f:39:d6:d2:9b:dc:42:37:16:85:c4:49:c7:75:2a:fb:dc:40:a0:46:ce:cf:24:47:e9:7d:43:e7:c5:26:11:96

Digest Algorithm

sha256

PE Digest Matches

true

da:5e:6c:56:ea:0b:24:f5:d8:9e:a2:c7:f7:b8:23:68:b3:01:ba:f2
Signer

Actual PE Digest

da:5e:6c:56:ea:0b:24:f5:d8:9e:a2:c7:f7:b8:23:68:b3:01:ba:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Work\VSRevo\Windows\Projects\RevoAppBar\x64\Release Portable\RevoAppBar.pdb

Imports

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetImageInfo
ImageList_GetIcon

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
ord29
StrCmpW
StrCmpIW
PathFindFileNameW

fltlib

FilterLoad
FilterConnectCommunicationPort
FilterSendMessage
FilterUnload

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateProcessesW
WTSFreeMemory

kernel32

WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
GetACP
ExitProcess
GetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileType
GetDriveTypeW
RtlUnwindEx
RtlPcToFileHeader
CreateThread
GetVersionExA
GetCurrencyFormatW
GetNumberFormatW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
SizeofResource
LockResource
LoadResource
GetStartupInfoW
IsDebuggerPresent
SetStdHandle
InitializeSListHead
FindResourceW
ResetEvent
ResumeThread
WaitForSingleObject
WaitForMultipleObjects
SetEvent
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
GetLastError
MulDiv
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetSystemTime
SystemTimeToFileTime
CreateProcessW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrlenW
GetLongPathNameW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
lstrcmpW
lstrcpyW
GetComputerNameW
CreateMutexW
GetCommandLineW
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
VirtualFreeEx
HeapFree
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
GetProcessHeap
WriteFile
FindFirstFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetVersionExW
GetModuleHandleW
GetSystemInfo
GetLocalTime
GetEnvironmentVariableW
GetModuleFileNameW
VerSetConditionMask
VerifyVersionInfoW
GetFileAttributesW
CreateDirectoryW
CreateFileW
LocalFree
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
FormatMessageW
CopyFileW
SetLastError
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeResource
GetModuleHandleExW
LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CreateEventW
SetThreadPriority
SuspendThread
lstrcmpA
DeleteFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
lstrcmpiW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GetCurrentThread
GetPrivateProfileIntW
GetCurrentProcessId
GlobalGetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
SetErrorMode
GetCurrentDirectoryW
FindResourceExW
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

LoadMenuW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetActiveWindow
TranslateMessage
GetMessageW
FillRect
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
SetWindowTextW
SendDlgItemMessageW
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
SetRectEmpty
SendDlgItemMessageA
WindowFromPoint
IsWindowEnabled
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
SetClassLongPtrW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyMenu
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
DrawStateW
TrackMouseEvent
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetMenuItemInfoW
GetKeyState
SetFocus
GetDlgCtrlID
IsIconic
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
CreateWindowExW
GetClassInfoExW
DestroyIcon
WaitMessage
DeleteMenu
KillTimer
GetNextDlgGroupItem
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnumDisplayMonitors
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
InflateRect
SystemParametersInfoW
IntersectRect
GetCursor
SystemParametersInfoA
CreateIconIndirect
LoadMenuIndirectW
IsCharAlphaW
GetClipboardData
PostMessageW
GetParent
SetLayeredWindowAttributes
SetWindowLongW
GetWindowLongW
SendMessageW
LoadImageW
GetWindowRect
GetClientRect
OffsetRect
SetCapture
ReleaseCapture
ExitWindowsEx
EnableWindow
RedrawWindow
SetWindowPos
InvalidateRect
SetTimer
IsChild
GetFocus
GetSystemMetrics
GetWindowLongPtrW
GetSystemMenu
SubtractRect
LoadCursorW
DefWindowProcW
GetClassInfoW
IsWindow
EndDeferWindowPos
DeferWindowPos
ScreenToClient
BeginDeferWindowPos
MessageBoxW
IsCharAlphaNumericW
LoadStringW
GetDesktopWindow
GetWindow
ClientToScreen
GetCursorPos
GetClassNameW
FindWindowExW
FindWindowW
GetWindowThreadProcessId
EnumThreadWindows
IsWindowVisible
GetDlgItem
UnregisterClassW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
CharUpperW
PostQuitMessage
ShowOwnedPopups
SetCursor
GetKeyNameTextW
MapVirtualKeyW
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
GetAsyncKeyState
GetCapture
DrawEdge
MapDialogRect
CreatePopupMenu
GetMenuDefaultItem
GetForegroundWindow
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
DrawFrameControl
IsZoomed
BringWindowToTop
GetMessagePos
GetMessageTime
CallWindowProcW
SetCursorPos
CopyIcon
FrameRect
DrawIcon
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
UnionRect
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetDCEx
DestroyCursor
GetWindowRgn
WindowFromDC
CreateMenu
RegisterClassW
SetForegroundWindow

gdi32

GetTextCharset
GetTextFaceW
GetStretchBltMode
GetNearestColor
GetBkMode
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
StretchDIBits
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32W
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
ExtCreatePen
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
DeleteDC
SetTextColor
SetBkColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateFontIndirectW
GetObjectW

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
GetUserNameW
LookupAccountNameW
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
DuplicateTokenEx

shell32

SHBrowseForFolderW
DragFinish
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHAppBarMessage
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW

uxtheme

DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
GetThemePartSize
GetThemeSysColor
IsAppThemed
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetWindowTheme

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
LoadTypeLi

wintrust

WinVerifyTrust

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipDrawImageRectI
GdiplusShutdown
GdipAlloc
GdipFree
GdipSetInterpolationMode
GdipBitmapLockBits
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipCreateBitmapFromScan0

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x64/RevoCmd.exe
.exe windows:6 windows x64 arch:x64

a41c0213a16d25e572012f132104c010

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:44:51:41:1e:69:1a:88:03:62:bc:34:32:bb:f6:fc:85:a5:61:43:49:6e:b3:16:86:a6:c7:e8:01:e4:fd:50
Signer

Actual PE Digest

8c:44:51:41:1e:69:1a:88:03:62:bc:34:32:bb:f6:fc:85:a5:61:43:49:6e:b3:16:86:a6:c7:e8:01:e4:fd:50

Digest Algorithm

sha256

PE Digest Matches

true

cd:76:6e:42:bb:6e:6d:d4:77:0a:5c:94:e6:6c:dc:fe:5e:90:b1:82
Signer

Actual PE Digest

cd:76:6e:42:bb:6e:6d:d4:77:0a:5c:94:e6:6c:dc:fe:5e:90:b1:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Work\VSRevo\Windows\Projects\RevoCmd\x64\Release\RevoCmd.pdb

Imports

shlwapi

PathMatchSpecW

kernel32

GetConsoleScreenBufferInfoEx
GetStdHandle
WriteConsoleW
ExitProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetFileType
CloseHandle
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x64/RevoUnPro.exe
.exe windows:6 windows x64 arch:x64

83363d77f2ea9d456b8e93bcc214ec4c

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:98:46:3d:d5:21:93:06:07:1c:16:e1:5c:9a:d9:36:db:d9:60:79:34:25:36:dd:e7:47:30:5e:a0:50:ce:d4
Signer

Actual PE Digest

a8:98:46:3d:d5:21:93:06:07:1c:16:e1:5c:9a:d9:36:db:d9:60:79:34:25:36:dd:e7:47:30:5e:a0:50:ce:d4

Digest Algorithm

sha256

PE Digest Matches

true

b3:1d:d0:4e:ee:6d:c6:2c:30:6d:f8:25:c8:23:13:81:e7:2f:24:dd
Signer

Actual PE Digest

b3:1d:d0:4e:ee:6d:c6:2c:30:6d:f8:25:c8:23:13:81:e7:2f:24:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Work\VSRevo\Windows\Projects\VSProjectPro\build\x64\Release Portable\VSProjectPro\RevoUnPro.pdb

Imports

dnsapi

DnsQuery_W

shlwapi

StrFormatByteSizeW
PathFindFileNameW
PathAppendW
PathFindExtensionW
StrStrIW
PathFileExistsW
StrCmpIW
StrCatW
PathRemoveBackslashW
PathStripPathW
PathRemoveFileSpecW
StrCpyW
StrToIntA
ord487
PathQuoteSpacesW
PathAddBackslashW
StrChrIW
PathUnquoteSpacesW
StrCmpW
StrFormatKBSizeW
PathIsRootW
PathGetArgsW
PathRemoveArgsW
SHDeleteValueW
SHDeleteKeyW
PathStripToRootW
StrToIntW
PathMatchSpecW
PathRemoveExtensionW
StrStrW
PathSkipRootW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathUnExpandEnvStringsW
SHQueryValueExW
StrCmpNIW
PathIsUNCW
ord29

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

msi

ord217
ord173

advapi32

RegDeleteKeyW
RegEnumKeyW
RegUnLoadKeyW
RegOpenKeyExA
RegQueryValueW
RegNotifyChangeKeyValue
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityInfo
SetEntriesInAclW
ControlService
GetUserNameW
DuplicateTokenEx
OpenProcessToken
CreateProcessWithTokenW
RegSetValueExW
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
RegSaveKeyExW
RegDeleteKeyExW
FreeSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
ConvertSidToStringSidW
LookupAccountNameW
RegSetKeySecurity
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegLoadKeyW
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
RegOpenKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
CryptAcquireContextW
RegConnectRegistryW

wininet

FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory
WTSQuerySessionInformationW

kernel32

FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
GetCurrentProcessId
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
RaiseException
DecodePointer
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
SuspendThread
VirtualAlloc
VirtualFree
GetVersion
GetLongPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathA
VerifyVersionInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ReadConsoleW
GetCommandLineW
GetUserDefaultLangID
AttachConsole
FreeConsole
GetShortPathNameW
GlobalSize
SetLastError
GetModuleHandleExW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
EncodePointer
GetSystemDirectoryW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
ReleaseSemaphore
GetVolumeInformationW
GetThreadLocale
GetFileSizeEx
GetFileTime
SetThreadPriority
GlobalGetAtomNameW
GetCurrentThread
GetPrivateProfileIntW
TlsFree
GlobalReAlloc
OutputDebugStringW
LocalAlloc
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
VirtualProtect
SetErrorMode
GetUserDefaultLCID
GetCurrentDirectoryW
FindResourceExW
GetProfileIntW
SearchPathW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileType
GetConsoleCP
GetConsoleMode
VirtualQuery
RtlUnwindEx
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
GetCPInfo
LCMapStringW
QueryPerformanceFrequency
GetStringTypeW
CreateHardLinkW
SetFilePointerEx
FindFirstFileExW
GetExitCodeThread
GetPriorityClass
SetPriorityClass
GetThreadPriority
IsBadWritePtr
IsBadReadPtr
GetVersionExA
GetCurrencyFormatW
GetNumberFormatW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
WinExec
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
GetFileAttributesA
GetDiskFreeSpaceA
GlobalHandle
FormatMessageW
AreFileApisANSI
GetUserDefaultLocaleName
GetComputerNameW
CreateEventW
ExitProcess
DuplicateHandle
LocalFree
GetCurrentProcess
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
CreateFileA
GetModuleFileNameW
GetEnvironmentVariableW
GetLocalTime
GetSystemInfo
CreateThread
TerminateThread
GetProcessId
TerminateProcess
GetExitCodeProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
EnumResourceNamesW
LoadLibraryExW
FreeResource
GetVersionExW
CompareFileTime
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceExW
DeviceIoControl
lstrcmpiW
GetUserDefaultUILanguage
GetBinaryTypeW
GetDriveTypeW
GetLogicalDrives
InitializeCriticalSectionAndSpinCount
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileSize
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetTickCount
CreateFileW
GetFileAttributesW
lstrcpynW
lstrlenW
GetTempFileNameW
GetTempPathW
WriteConsoleInputW
GetStdHandle
GetModuleHandleW
TlsAlloc
GetFileAttributesExW
FileTimeToLocalFileTime
WideCharToMultiByte
SetFileAttributesW
RemoveDirectoryW
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
WaitForMultipleObjects
OpenProcess
CopyFileW
CloseHandle
CreateProcessW
MoveFileW
lstrcatW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
lstrcmpW
lstrcpyW
ResumeThread
GetFullPathNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
DeleteFileW
GetLastError
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
SetEvent
WaitForSingleObject
ResetEvent
MulDiv
SetStdHandle
GetCommandLineA
HeapQueryInformation
GetACP
SetEnvironmentVariableA
SetEnvironmentVariableW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
WriteConsoleW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
VerSetConditionMask

user32

SetLayeredWindowAttributes
EnumChildWindows
FindWindowW
DrawEdge
GetWindowDC
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoW
SetWindowRgn
UnregisterClassW
DrawFrameControl
FrameRect
IsZoomed
GetActiveWindow
FillRect
ModifyMenuW
SetWindowLongW
MessageBoxA
DispatchMessageW
TranslateMessage
WaitMessage
PeekMessageW
LockWindowUpdate
DestroyMenu
LoadStringW
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
CloseClipboard
EmptyClipboard
OpenClipboard
ChangeWindowMessageFilter
SetCaretPos
ShowScrollBar
GetScrollPos
GetScrollRange
SetScrollPos
SetScrollRange
GetDesktopWindow
GetClassNameW
IsCharAlphaW
AnimateWindow
LoadMenuW
SetRect
DrawIcon
LoadIconW
GetIconInfo
SetWindowLongPtrW
IsWindowVisible
WindowFromPoint
GetMonitorInfoW
MonitorFromWindow
ReleaseDC
GetWindowLongW
GetDC
GetMessagePos
EqualRect
InflateRect
GetCaretPos
RemovePropW
AdjustWindowRectEx
MessageBoxW
IsIconic
GetClassLongPtrW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
SetCapture
ReleaseCapture
CreatePopupMenu
InsertMenuW
TrackPopupMenu
SetCursorPos
EnableMenuItem
GetMenuItemCount
GetMenuItemID
GetSubMenu
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
DispatchMessageA
SetClipboardData
GetDoubleClickTime
SendDlgItemMessageA
GetMenuStringW
GetMenuState
AppendMenuW
RemoveMenu
MoveWindow
RegisterHotKey
UnregisterHotKey
DestroyCaret
ShowCaret
CreateCaret
LoadBitmapW
SetPropW
GetCursor
CallNextHookEx
SetScrollInfo
WinHelpW
CheckMenuItem
SetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
GetDlgCtrlID
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsCharAlphaNumericW
GetClipboardData
SystemParametersInfoA
CreateIconIndirect
LoadMenuIndirectW
GetWindow
IsDialogMessageW
UnhookWindowsHookEx
BeginPaint
EndPaint
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
SetActiveWindow
RegisterWindowMessageW
GetMessageTime
CallWindowProcW
RegisterClassW
GetClassInfoExW
IsMenu
DestroyCursor
GetWindowPlacement
SetWindowPlacement
GetKeyState
GetCapture
GetMenu
SetMenu
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMenuItemInfoW
GetSysColor
LoadImageW
DestroyIcon
GetDlgItem
IsWindow
GetWindowRect
GetClientRect
IsChild
InvalidateRect
UpdateWindow
EnableWindow
SetTimer
GetFocus
GetSystemMetrics
GetWindowLongPtrW
GetSystemMenu
LoadCursorW
DefWindowProcW
GetClassInfoW
EndDeferWindowPos
DeferWindowPos
ScreenToClient
BeginDeferWindowPos
GetScrollInfo
GetParent
ClientToScreen
SendMessageW
ShowWindow
KillTimer
RedrawWindow
SetWindowPos
IsWindowEnabled
CopyRect
SetCursor
LoadAcceleratorsW
PostMessageW
MapWindowPoints
ScrollWindow
GetWindowRgn
WindowFromDC
CreateWindowExW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
CharUpperBuffW
MapVirtualKeyExW
IsCharLowerW
GetComboBoxInfo
UpdateLayeredWindow
SetMenuDefaultItem
MonitorFromPoint
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyIcon
SetClassLongPtrW
GetMenuDefaultItem
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetNextDlgGroupItem
PostThreadMessageW
MessageBeep
IsClipboardFormatAvailable
GetDCEx
CopyAcceleratorTableW
InvalidateRgn
CreateMenu
GetTabbedTextExtentW
DrawIconEx
EnumDisplayMonitors
UnionRect
RealChildWindowFromPoint
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
IntersectRect
DeleteMenu
TranslateAcceleratorW
wsprintfW
GetAsyncKeyState
OffsetRect
IsRectEmpty
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetRectEmpty
SetFocus
CharNextW
SetParent
CopyImage
GetCursorPos
PtInRect
DrawStateW
TrackMouseEvent
MapVirtualKeyW
GetKeyNameTextW
ReuseDDElParam
UnpackDDElParam
GetSysColorBrush
GetPropW
InsertMenuItemW
BringWindowToTop
CharUpperW
MsgWaitForMultipleObjectsEx

gdi32

GetTextColor
SetTextColor
RoundRect
GetStockObject
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
LPtoDP
CreateBitmap
GetMapMode
DPtoLP
GetBkColor
SetBkColor
MoveToEx
LineTo
Rectangle
GetStretchBltMode
SetStretchBltMode
CreateRectRgn
CombineRgn
GetDIBits
CopyMetaFileW
CreateDCW
CreateHatchBrush
CreatePatternBrush
ExcludeClipRect
GetClipBox
BitBlt
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
StartDocW
ExtCreatePen
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
GetCharWidthW
StretchDIBits
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
GetTextAlign
GetViewportOrgEx
OffsetRgn
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
CreateRoundRectRgn
EnumFontFamiliesExW
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
SetPixelV
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetTextFaceW
CreateCompatibleBitmap
StretchBlt
PatBlt
CreateFontIndirectW
GetDeviceCaps
GetTextMetricsW
GetObjectW
SetDIBColorTable
SelectObject
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetDCOrgEx
GetMetaFileW
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
PlayEnhMetaFile
GetTextCharset
CreateEllipticRgnIndirect
CreateFontW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

shell32

ord92
SHCreateItemFromParsingName
SHGetFolderPathW
ExtractIconW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
ExtractIconExW
ord165
DragAcceptFiles
DragQueryFileW
DragFinish
SHAddToRecentDocs
SHEmptyRecycleBinW
ord6
Shell_NotifyIconW
SHGetMalloc
CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHAppBarMessage
SHFileOperationW

comctl32

ord17
_TrackMouseEvent
ImageList_SetImageCount
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Duplicate
ImageList_GetImageInfo

uxtheme

GetThemePartSize
OpenThemeData
CloseThemeData
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
DrawThemeText
GetThemeColor
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName

ole32

IsAccelerator
OleTranslateAccelerator
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoRegisterMessageFilter
OleFlushClipboard
CoRevokeClassObject
StgOpenStorageOnILockBytes
CoGetClassObject
WriteClassStm
OleIsCurrentClipboard
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
OleLoadFromStream
StgCreateDocfileOnILockBytes
CoDisconnectObject
CLSIDFromProgID
OleUninitialize
OleInitialize
CoCreateGuid
OleSaveToStream
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
OleRun
CLSIDFromString
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
RevokeDragDrop
CoFreeUnusedLibraries

oleaut32

VarMul
OleCreatePictureIndirect
LoadTypeLi
VarCyFromStr
SafeArrayDestroy
SysStringLen
OleCreateFontIndirect
VariantChangeType
SysAllocStringLen
OleLoadPicture
VarDateFromStr
VariantInit
VariantCopy
SysAllocString
VariantClear
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VarDiv
VarBstrFromR8
VarR8FromStr
CreateErrorInfo
GetErrorInfo
VarI4FromStr

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP

rstrtmgr

RmStartSession
RmEndSession

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

Sections

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x64/Vista/revoflt.inf
Revo Uninstaller Pro 5.3.0/App/Revo/x64/Vista/revoflt.sys
.sys windows:6 windows x64 arch:x64

cf10e28779d15c617f6ed3021cd35fa6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:0f:d9:71:7c:2f:57:7f:47:d6:4a:15:45:8e:ef:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

19/12/2010, 23:59

Subject

CN=VS Revo Group,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VS Revo Group,L=Ruse,ST=Ruse,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:07:31:ef:6f:4d:bd:f7:34:b7:3f:c6:d5:9c:2f:4b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2016, 00:00

Not After

10/01/2017, 23:59

Subject

CN=VS Revo Group,O=VS Revo Group,L=Ruse,ST=Ruse,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:dc:b3:bf:77:88:df:5e:78:3a:ff:c5:69:fc:f8:34:dc:8b:ef:41:c9:8e:6f:ce:73:d2:62:64:3c:de:0d:e3
Signer

Actual PE Digest

4f:dc:b3:bf:77:88:df:5e:78:3a:ff:c5:69:fc:f8:34:dc:8b:ef:41:c9:8e:6f:ce:73:d2:62:64:3c:de:0d:e3

Digest Algorithm

sha256

PE Digest Matches

true

c2:dd:25:50:dd:45:e4:b7:2e:7a:58:bc:e6:de:9d:29:85:6c:ec:69
Signer

Actual PE Digest

c2:dd:25:50:dd:45:e4:b7:2e:7a:58:bc:e6:de:9d:29:85:6c:ec:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\minispy\filter\objfre_wlh_amd64\amd64\revoflt.pdb

Imports

ntoskrnl.exe

ObOpenObjectByPointer
DbgPrint
ExDeleteNPagedLookasideList
ZwQueryKey
ExpInterlockedPushEntrySList
KeReleaseSpinLock
CmUnRegisterCallback
ExQueryDepthSList
PsGetCurrentThreadId
ZwOpenKey
KeAcquireSpinLockRaiseToDpc
KeBugCheckEx
ObfDereferenceObject
MmIsAddressValid
PsGetCurrentProcessId
ObfReferenceObject
CmRegisterCallback
ZwClose
KeAreAllApcsDisabled
ZwEnumerateValueKey
ZwQueryValueKey
ObQueryNameString
IoVolumeDeviceToDosName
PsSetCreateProcessNotifyRoutine
IoIs32bitProcess
RtlInitUnicodeString
ExInitializeNPagedLookasideList
ExFreePoolWithTag
ExpInterlockedPopEntrySList
ExAllocatePoolWithTag
__C_specific_handler

fltmgr.sys

FltStartFiltering
FltParseFileNameInformation
FltReleaseFileNameInformation
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltGetRoutineAddress
FltCloseCommunicationPort
FltUnregisterFilter
FltGetFileNameInformation
FltAllocateContext
FltReleaseContext
FltIsDirectory
FltFreeSecurityDescriptor
FltCreateCommunicationPort
FltDeleteContext
FltCloseClientPort
FltGetDestinationFileNameInformation

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x64/Win10/revoflt.inf
Revo Uninstaller Pro 5.3.0/App/Revo/x64/Win10/revoflt.sys
.sys windows:10 windows x64 arch:x64

9b2fb7939e09d145148dabcd9e6beedb

Code Sign

33:00:00:00:3a:6a:e3:33:70:8f:da:7a:7b:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:31

Not After

05/03/2021, 17:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:4e:9e:13:4f:74:92:7a:15:44:81:1e:d7:c8:3e:91:e4:10:e5:12:e9:f2:ad:df:b2:c5:5e:8a:f3:3d:78:ab
Signer

Actual PE Digest

a0:4e:9e:13:4f:74:92:7a:15:44:81:1e:d7:c8:3e:91:e4:10:e5:12:e9:f2:ad:df:b2:c5:5e:8a:f3:3d:78:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ognian\source\repos\revoflt\x64\Release\revoflt.pdb

Imports

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetRoutineAddress
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltIsDirectory
FltAllocateContext
FltDeleteContext
FltReleaseContext
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltGetDestinationFileNameInformation

ntoskrnl.exe

ExFreePoolWithTag
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
CmRegisterCallback
CmUnRegisterCallback
ExAllocatePoolWithTag
ObfReferenceObject
ObfDereferenceObject
ZwClose
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
IoVolumeDeviceToDosName
ObOpenObjectByPointer
ObQueryNameString
__C_specific_handler
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ZwOpenKey
PsGetCurrentThreadId
KeBugCheckEx
RtlInitUnicodeString
RtlCopyUnicodeString
ExAllocatePool
KeAreAllApcsDisabled
DbgPrint
IoIs32bitProcess

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x64/revoflt.inf
Revo Uninstaller Pro 5.3.0/App/Revo/x64/revoflt.sys
.sys windows:10 windows x64 arch:x64

9b2fb7939e09d145148dabcd9e6beedb

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7a:ae:3b:36:08:69:a3:ba:28:bd:7d:1f:d0:b8:f6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/08/2018, 00:00

Not After

06/08/2021, 12:00

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024247

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7a:ae:3b:36:08:69:a3:ba:28:bd:7d:1f:d0:b8:f6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/08/2018, 00:00

Not After

06/08/2021, 12:00

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024247

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:a0:ae:26:27:00:8d:f8:51:9e:62:02:3a:5a:9c:94:45:8a:ba:d5:17:39:b7:81:e8:f5:41:0a:49:1d:8a:d6
Signer

Actual PE Digest

6d:a0:ae:26:27:00:8d:f8:51:9e:62:02:3a:5a:9c:94:45:8a:ba:d5:17:39:b7:81:e8:f5:41:0a:49:1d:8a:d6

Digest Algorithm

sha256

PE Digest Matches

true

ac:1c:0f:e9:69:51:45:e2:bb:b5:69:03:4f:37:7f:d3:0f:4c:14:7a
Signer

Actual PE Digest

ac:1c:0f:e9:69:51:45:e2:bb:b5:69:03:4f:37:7f:d3:0f:4c:14:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ognian\source\repos\revoflt\x64\Release\revoflt.pdb

Imports

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetRoutineAddress
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltIsDirectory
FltAllocateContext
FltDeleteContext
FltReleaseContext
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltGetDestinationFileNameInformation

ntoskrnl.exe

ExFreePoolWithTag
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
CmRegisterCallback
CmUnRegisterCallback
ExAllocatePoolWithTag
ObfReferenceObject
ObfDereferenceObject
ZwClose
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
IoVolumeDeviceToDosName
ObOpenObjectByPointer
ObQueryNameString
__C_specific_handler
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ZwOpenKey
PsGetCurrentThreadId
KeBugCheckEx
RtlInitUnicodeString
RtlCopyUnicodeString
ExAllocatePool
KeAreAllApcsDisabled
DbgPrint
IoIs32bitProcess

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x86/RUExt.dll
.dll regsvr32 windows:6 windows x86 arch:x86

16f5972b682197bb142c2865dc31670f

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:c0:fd:79:2a:ba:62:07:ba:4d:c7:89:15:a4:9d:79:3d:97:12:97:42:84:d0:80:e4:d3:fd:72:e5:07:d5:62
Signer

Actual PE Digest

27:c0:fd:79:2a:ba:62:07:ba:4d:c7:89:15:a4:9d:79:3d:97:12:97:42:84:d0:80:e4:d3:fd:72:e5:07:d5:62

Digest Algorithm

sha256

PE Digest Matches

true

16:11:f3:3c:db:74:d4:e5:71:cf:0d:27:f5:6e:5e:a8:95:ca:6b:11
Signer

Actual PE Digest

16:11:f3:3c:db:74:d4:e5:71:cf:0d:27:f5:6e:5e:a8:95:ca:6b:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Work\VSRevo\Windows\Projects\RUExt\build\x86\Release\RUExt\RUExt.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetVersion
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
GetThreadLocale
SetThreadLocale
GlobalUnlock
lstrcpyW
lstrlenW
WideCharToMultiByte
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
FreeEnvironmentStringsW
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError
GlobalLock
OutputDebugStringA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
CreateFileW
LCMapStringW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetACP
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStringTypeW

user32

LoadIconW
ReleaseDC
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
CharNextW
InsertMenuW
SetMenuItemBitmaps
GetDC

gdi32

CreateDIBSection
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteExW
DragQueryFileW
SHGetMalloc

ole32

CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

oleaut32

SysFreeString
SysAllocString
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

msi

ord217
ord173

shlwapi

PathRemoveFileSpecW
PathIsDirectoryW
PathFindExtensionW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x86/RevoAppBar.exe
.exe windows:6 windows x86 arch:x86

04c1903513c80de6395706f78add8319

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:d1:88:09:29:d5:c1:12:13:e4:10:2a:df:cd:74:f7:24:31:74:c3:19:64:8d:c4:b9:cf:8c:e2:c3:65:35:83
Signer

Actual PE Digest

fd:d1:88:09:29:d5:c1:12:13:e4:10:2a:df:cd:74:f7:24:31:74:c3:19:64:8d:c4:b9:cf:8c:e2:c3:65:35:83

Digest Algorithm

sha256

PE Digest Matches

true

75:a2:ea:d1:49:0d:53:7e:36:84:26:97:37:ec:46:c3:1a:ea:6f:86
Signer

Actual PE Digest

75:a2:ea:d1:49:0d:53:7e:36:84:26:97:37:ec:46:c3:1a:ea:6f:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\VSRevo\Windows\Projects\RevoAppBar\Release Portable\RevoAppBar.pdb

Imports

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetImageInfo
ImageList_GetIcon

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
ord29
StrCmpW
StrCmpIW
PathFindFileNameW

fltlib

FilterLoad
FilterConnectCommunicationPort
FilterSendMessage
FilterUnload

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateProcessesW
WTSFreeMemory

kernel32

FindFirstFileW
LoadResource
LockResource
SizeofResource
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
GetCurrencyFormatW
GetVersionExA
CreateThread
RtlUnwind
GetDriveTypeW
GetFileType
PeekNamedPipe
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
HeapQueryInformation
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
SetStdHandle
GetStdHandle
ExitProcess
GetACP
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
FindResourceW
ResetEvent
ResumeThread
WaitForSingleObject
WaitForMultipleObjects
SetEvent
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
GetLastError
MulDiv
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetSystemTime
SystemTimeToFileTime
CreateProcessW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrlenW
GetLongPathNameW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
lstrcmpW
lstrcpyW
GetComputerNameW
CreateMutexW
GetCommandLineW
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
VirtualFreeEx
HeapFree
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
GetProcessHeap
WriteFile
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetVersionExW
GetModuleHandleW
GetSystemInfo
GetLocalTime
GetEnvironmentVariableW
GetModuleFileNameW
VerSetConditionMask
VerifyVersionInfoW
GetFileAttributesW
CreateDirectoryW
CreateFileW
LocalFree
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
FormatMessageW
CopyFileW
SetLastError
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeResource
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
CreateEventW
SetThreadPriority
SuspendThread
lstrcmpA
DeleteFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
lstrcmpiW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GetCurrentThread
GetPrivateProfileIntW
GetCurrentProcessId
GlobalGetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
SetErrorMode
GetCurrentDirectoryW
FindResourceExW
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW

user32

InflateRect
GetMenuItemInfoW
DestroyMenu
LoadMenuW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetActiveWindow
TranslateMessage
GetMessageW
FillRect
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
SetWindowTextW
SendDlgItemMessageW
CheckDlgButton
SetDlgItemTextW
SetWindowLongW
MoveWindow
ShowWindow
SetRectEmpty
SendDlgItemMessageA
WindowFromPoint
IsWindowEnabled
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
PtInRect
SetLayeredWindowAttributes
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
EqualRect
CopyRect
GetSysColor
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
GetDCEx
ScrollWindow
ValidateRect
WaitMessage
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
SystemParametersInfoW
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
IsIconic
SetWindowPlacement
GetWindowPlacement
DeleteMenu
KillTimer
GetNextDlgGroupItem
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
SetParent
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
EnumDisplayMonitors
DrawFrameControl
IsZoomed
IntersectRect
CharUpperW
PostQuitMessage
ShowOwnedPopups
GetCursor
SystemParametersInfoA
CreateIconIndirect
LoadMenuIndirectW
IsCharAlphaW
GetClipboardData
DestroyWindow
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
UnregisterClassW
GetDlgItem
IsWindowVisible
EnumThreadWindows
GetWindowThreadProcessId
FindWindowW
FindWindowExW
GetClassNameW
GetCursorPos
ClientToScreen
GetWindow
GetDesktopWindow
LoadStringW
IsCharAlphaNumericW
MessageBoxW
BeginDeferWindowPos
ScreenToClient
DeferWindowPos
EndDeferWindowPos
IsWindow
GetClassInfoW
DefWindowProcW
LoadCursorW
GetSystemMenu
GetSystemMetrics
GetFocus
IsChild
SetTimer
InvalidateRect
SetWindowPos
RedrawWindow
EnableWindow
ExitWindowsEx
ReleaseCapture
SetCursor
GetKeyNameTextW
MapVirtualKeyW
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
DestroyIcon
TrackPopupMenu
DestroyCursor
SetClassLongW
SetWindowRgn
DrawEdge
SetCapture
OffsetRect
GetClientRect
GetWindowRgn
WindowFromDC
CreateMenu
GetWindowRect
LoadImageW
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
UnionRect
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
PostMessageW
EndPaint
GetParent
SendMessageW
GetWindowLongW
SetScrollPos

gdi32

GetTextCharset
GetTextFaceW
GetStretchBltMode
GetNearestColor
GetBkMode
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
StretchDIBits
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32W
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
ExtCreatePen
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
DeleteDC
SetTextColor
SetBkColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateFontIndirectW
GetObjectW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
GetUserNameW
LookupAccountNameW
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
DuplicateTokenEx

shell32

SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHAppBarMessage
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW

uxtheme

GetThemeColor
IsAppThemed
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetCurrentThemeName
GetThemeSysColor

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CreateStreamOnHGlobal
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

wintrust

WinVerifyTrust

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipDrawImageRectI
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdiplusShutdown
GdipCreateFromHDC
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapUnlockBits

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x86/RevoCmd.exe
.exe windows:6 windows x86 arch:x86

6a2d6b5ee92e2093ca03277347c704f6

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:bc:23:ed:04:19:4e:27:9d:67:e6:32:55:3e:2c:c2:b0:f5:11:90:fe:85:28:3e:db:03:ce:18:2e:02:d1:03
Signer

Actual PE Digest

62:bc:23:ed:04:19:4e:27:9d:67:e6:32:55:3e:2c:c2:b0:f5:11:90:fe:85:28:3e:db:03:ce:18:2e:02:d1:03

Digest Algorithm

sha256

PE Digest Matches

true

6d:72:22:71:1b:98:82:be:f2:a2:7a:5c:60:28:b2:d2:2d:7e:5c:3a
Signer

Actual PE Digest

6d:72:22:71:1b:98:82:be:f2:a2:7a:5c:60:28:b2:d2:2d:7e:5c:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\VSRevo\Windows\Projects\RevoCmd\Release\RevoCmd.pdb

Imports

shlwapi

PathMatchSpecW

kernel32

IsWow64Process
GetConsoleScreenBufferInfoEx
GetStdHandle
CreateFileW
GetCurrentProcess
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
GetLastError
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
DecodePointer
GetCommandLineW
GetACP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetFileType
CloseHandle
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x86/RevoUnPro.exe
.exe windows:6 windows x86 arch:x86

b74667b2a29acc16f3b9e14e3585f07c

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:a9:07:ac:4b:97:8f:66:ff:c0:9a:89:89:fa:72:5d:a7:3e:3e:71:fc:a1:fe:2c:67:73:88:4a:d4:d4:83:47
Signer

Actual PE Digest

20:a9:07:ac:4b:97:8f:66:ff:c0:9a:89:89:fa:72:5d:a7:3e:3e:71:fc:a1:fe:2c:67:73:88:4a:d4:d4:83:47

Digest Algorithm

sha256

PE Digest Matches

true

8a:96:19:20:5e:c5:ce:43:f7:d7:26:a4:94:eb:ce:2e:40:c3:4f:d8
Signer

Actual PE Digest

8a:96:19:20:5e:c5:ce:43:f7:d7:26:a4:94:eb:ce:2e:40:c3:4f:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\VSRevo\Windows\Projects\VSProjectPro\build\x86\Release Portable\VSProjectPro\RevoUnPro.pdb

Imports

dnsapi

DnsQuery_W

shlwapi

StrFormatByteSizeW
PathFindFileNameW
PathAppendW
PathFindExtensionW
StrStrIW
PathFileExistsW
StrCmpIW
StrCatW
PathRemoveBackslashW
PathStripPathW
PathRemoveFileSpecW
StrCpyW
StrToIntA
ord487
PathQuoteSpacesW
PathAddBackslashW
StrChrIW
PathUnquoteSpacesW
StrCmpW
StrFormatKBSizeW
PathIsRootW
PathGetArgsW
PathRemoveArgsW
SHDeleteValueW
SHDeleteKeyW
PathStripToRootW
StrToIntW
PathMatchSpecW
PathRemoveExtensionW
StrStrW
PathSkipRootW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathUnExpandEnvStringsW
SHQueryValueExW
StrCmpNIW
PathIsUNCW
ord29

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

msi

ord217
ord173

advapi32

RegEnumKeyW
RegUnLoadKeyW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegQueryValueW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityInfo
SetEntriesInAclW
ControlService
GetUserNameW
DuplicateTokenEx
OpenProcessToken
CreateProcessWithTokenW
RegSetValueExW
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
RegSaveKeyExW
FreeSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
ConvertSidToStringSidW
LookupAccountNameW
RegSetKeySecurity
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegLoadKeyW
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegCreateKeyExW
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
RegOpenKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW

wininet

FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW
WTSQuerySessionInformationW

kernel32

FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
GetCurrentProcessId
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
RaiseException
DecodePointer
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
SuspendThread
VirtualAlloc
VirtualFree
GetVersion
GetTempPathA
IsWow64Process
GetLogicalDriveStringsW
QueryDosDeviceW
VerSetConditionMask
VerifyVersionInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ReadConsoleW
GetCommandLineW
GetUserDefaultLangID
AttachConsole
FreeConsole
GetShortPathNameW
GlobalSize
SetLastError
GetModuleHandleA
EncodePointer
GetSystemDirectoryW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
ReleaseSemaphore
GetVolumeInformationW
GetThreadLocale
GetFileSizeEx
GetFileTime
SetThreadPriority
GlobalGetAtomNameW
GetCurrentThread
GetPrivateProfileIntW
TlsFree
GlobalReAlloc
OutputDebugStringW
LocalAlloc
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
VirtualProtect
SetErrorMode
GetUserDefaultLCID
GetCurrentDirectoryW
FindResourceExW
GetProfileIntW
SearchPathW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileType
GetConsoleCP
GetConsoleMode
VirtualQuery
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetCPInfo
LCMapStringW
QueryPerformanceFrequency
GetStringTypeW
CreateHardLinkW
SetFilePointerEx
FindFirstFileExW
GetExitCodeThread
GetPriorityClass
SetPriorityClass
GetThreadPriority
IsBadWritePtr
IsBadReadPtr
GetVersionExA
GetCurrencyFormatW
GetNumberFormatW
GetTimeFormatW
GetDateFormatW
WinExec
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
GetFileAttributesA
GetDiskFreeSpaceA
GlobalHandle
FormatMessageW
AreFileApisANSI
GetUserDefaultLocaleName
GetComputerNameW
CreateEventW
ExitProcess
DuplicateHandle
LocalFree
GetCurrentProcess
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
CreateFileA
GetModuleFileNameW
GetEnvironmentVariableW
GetLocalTime
GetSystemInfo
CreateThread
TerminateThread
GetProcessId
TerminateProcess
GetExitCodeProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
EnumResourceNamesW
LoadLibraryExW
FreeResource
GetVersionExW
CompareFileTime
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceExW
DeviceIoControl
lstrcmpiW
GetUserDefaultUILanguage
GetDriveTypeW
GetLogicalDrives
InitializeCriticalSectionAndSpinCount
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileSize
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetTickCount
CreateFileW
GetFileAttributesW
lstrcpynW
lstrlenW
GetTempFileNameW
GetTempPathW
WriteConsoleInputW
GetStdHandle
GetModuleHandleW
TlsAlloc
GetFileAttributesExW
FileTimeToLocalFileTime
WideCharToMultiByte
SetFileAttributesW
RemoveDirectoryW
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
WaitForMultipleObjects
OpenProcess
CopyFileW
CloseHandle
CreateProcessW
MoveFileW
lstrcatW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
lstrcmpW
lstrcpyW
ResumeThread
GetFullPathNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
DeleteFileW
GetLastError
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
SetEvent
WaitForSingleObject
ResetEvent
MulDiv
SetStdHandle
GetCommandLineA
HeapQueryInformation
GetACP
SetEnvironmentVariableA
SetEnvironmentVariableW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
WriteConsoleW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
GetLongPathNameW

user32

SetLayeredWindowAttributes
EnumChildWindows
FindWindowW
DrawEdge
GetWindowDC
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoW
SetWindowRgn
UnregisterClassW
DrawFrameControl
FrameRect
IsZoomed
GetActiveWindow
FillRect
ModifyMenuW
MessageBoxA
DispatchMessageW
TranslateMessage
WaitMessage
PeekMessageW
LockWindowUpdate
DestroyMenu
LoadStringW
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
CloseClipboard
EmptyClipboard
OpenClipboard
ChangeWindowMessageFilter
SetCaretPos
ShowScrollBar
GetScrollPos
GetScrollRange
SetScrollPos
SetScrollRange
GetDesktopWindow
GetClassNameW
IsCharAlphaW
AnimateWindow
LoadMenuW
SetRect
DrawIcon
LoadIconW
GetIconInfo
SetWindowLongW
IsWindowVisible
WindowFromPoint
GetMonitorInfoW
MonitorFromWindow
ReleaseDC
GetDC
GetMessagePos
EqualRect
InflateRect
GetCaretPos
RegisterHotKey
RemovePropW
AdjustWindowRectEx
MessageBoxW
IsIconic
GetClassLongW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
SetCapture
ReleaseCapture
CreatePopupMenu
InsertMenuW
TrackPopupMenu
SetCursorPos
EnableMenuItem
GetMenuItemCount
GetMenuItemID
GetSubMenu
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
DispatchMessageA
SetClipboardData
GetDoubleClickTime
SendDlgItemMessageA
GetMenuStringW
GetMenuState
AppendMenuW
RemoveMenu
MoveWindow
UnregisterHotKey
DestroyCaret
ShowCaret
CreateCaret
LoadBitmapW
GetSysColorBrush
SetPropW
TrackMouseEvent
CallNextHookEx
SetScrollInfo
WinHelpW
CheckMenuItem
SetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
GetDlgCtrlID
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsCharAlphaNumericW
GetClipboardData
SystemParametersInfoA
CreateIconIndirect
LoadMenuIndirectW
GetWindow
IsDialogMessageW
UnhookWindowsHookEx
BeginPaint
EndPaint
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
SetActiveWindow
RegisterWindowMessageW
GetMessageTime
CallWindowProcW
RegisterClassW
GetClassInfoExW
IsMenu
ShowOwnedPopups
GetWindowPlacement
SetWindowPlacement
GetKeyState
GetCapture
GetMenu
SetMenu
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMenuItemInfoW
GetSysColor
LoadImageW
DestroyIcon
GetDlgItem
IsWindow
GetWindowRect
GetClientRect
IsChild
InvalidateRect
UpdateWindow
EnableWindow
SetTimer
GetFocus
GetSystemMetrics
GetWindowLongW
GetSystemMenu
LoadCursorW
DefWindowProcW
GetClassInfoW
EndDeferWindowPos
DeferWindowPos
ScreenToClient
BeginDeferWindowPos
GetScrollInfo
GetParent
ClientToScreen
SendMessageW
ShowWindow
KillTimer
RedrawWindow
SetWindowPos
IsWindowEnabled
CopyRect
SetCursor
LoadAcceleratorsW
MapWindowPoints
ScrollWindow
IntersectRect
GetWindowRgn
WindowFromDC
PostMessageW
CreateWindowExW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
CharUpperBuffW
MapVirtualKeyExW
IsCharLowerW
GetComboBoxInfo
UpdateLayeredWindow
SetMenuDefaultItem
MonitorFromPoint
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyIcon
SetClassLongW
GetMenuDefaultItem
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetNextDlgGroupItem
PostThreadMessageW
MessageBeep
IsClipboardFormatAvailable
GetDCEx
CopyAcceleratorTableW
InvalidateRgn
CreateMenu
GetTabbedTextExtentW
DrawIconEx
EnumDisplayMonitors
UnionRect
RealChildWindowFromPoint
MsgWaitForMultipleObjectsEx
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
DestroyCursor
TranslateAcceleratorW
wsprintfW
GetAsyncKeyState
OffsetRect
IsRectEmpty
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetRectEmpty
DeleteMenu
CharNextW
SetParent
SetFocus
GetCursorPos
PtInRect
DrawStateW
CopyImage
MapVirtualKeyW
GetKeyNameTextW
ReuseDDElParam
GetCursor
GetPropW
UnpackDDElParam
InsertMenuItemW
BringWindowToTop
CharUpperW

gdi32

GetTextColor
SetTextColor
RoundRect
GetStockObject
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
LPtoDP
CreateBitmap
GetMapMode
DPtoLP
GetBkColor
SetBkColor
MoveToEx
LineTo
Rectangle
GetStretchBltMode
SetStretchBltMode
CreateRectRgn
CombineRgn
GetDIBits
CopyMetaFileW
CreateDCW
CreateHatchBrush
CreatePatternBrush
ExcludeClipRect
GetClipBox
BitBlt
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
StartDocW
ExtCreatePen
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
GetCharWidthW
StretchDIBits
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
GetTextAlign
GetViewportOrgEx
OffsetRgn
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
CreateRoundRectRgn
EnumFontFamiliesExW
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
SetPixelV
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetTextFaceW
CreateCompatibleBitmap
StretchBlt
PatBlt
CreateFontIndirectW
GetDeviceCaps
GetTextMetricsW
GetObjectW
SetDIBColorTable
SelectObject
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetDCOrgEx
GetMetaFileW
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
PlayEnhMetaFile
GetTextCharset
CreateEllipticRgnIndirect
GetCurrentPositionEx
CreateFontW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shell32

ord92
SHCreateItemFromParsingName
SHGetFolderPathW
ExtractIconW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
ExtractIconExW
ord165
DragAcceptFiles
DragQueryFileW
DragFinish
SHAddToRecentDocs
SHEmptyRecycleBinW
ord6
Shell_NotifyIconW
SHGetMalloc
CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHAppBarMessage
SHFileOperationW

comctl32

ord17
_TrackMouseEvent
ImageList_SetImageCount
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Duplicate
ImageList_GetImageInfo

uxtheme

GetThemePartSize
OpenThemeData
CloseThemeData
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
DrawThemeText
GetThemeColor
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName

ole32

IsAccelerator
OleTranslateAccelerator
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoRegisterMessageFilter
OleFlushClipboard
CoRevokeClassObject
StgOpenStorageOnILockBytes
CoGetClassObject
WriteClassStm
OleIsCurrentClipboard
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
OleLoadFromStream
StgCreateDocfileOnILockBytes
CoDisconnectObject
CLSIDFromProgID
OleUninitialize
OleInitialize
CoCreateGuid
OleSaveToStream
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
OleRun
CLSIDFromString
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
RevokeDragDrop
CoFreeUnusedLibraries

oleaut32

VarMul
OleCreatePictureIndirect
LoadTypeLi
VarCyFromStr
SafeArrayDestroy
SysStringLen
OleCreateFontIndirect
VariantChangeType
SysAllocStringLen
OleLoadPicture
VarDateFromStr
VariantInit
VariantCopy
SysAllocString
VariantClear
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VarDiv
VarBstrFromR8
VarR8FromStr
CreateErrorInfo
GetErrorInfo
VarI4FromStr

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream

rstrtmgr

RmStartSession
RmEndSession

wintrust

WinVerifyTrust

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x86/Vista/revoflt.inf
Revo Uninstaller Pro 5.3.0/App/Revo/x86/Vista/revoflt.sys
.sys windows:6 windows x86 arch:x86

ab6067beadd01e923399bcada0e199a5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:0f:d9:71:7c:2f:57:7f:47:d6:4a:15:45:8e:ef:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

19/12/2010, 23:59

Subject

CN=VS Revo Group,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VS Revo Group,L=Ruse,ST=Ruse,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:07:31:ef:6f:4d:bd:f7:34:b7:3f:c6:d5:9c:2f:4b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2016, 00:00

Not After

10/01/2017, 23:59

Subject

CN=VS Revo Group,O=VS Revo Group,L=Ruse,ST=Ruse,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e9:32:20:4a:4a:9f:ee:78:6b:8b:83:e3:1e:2d:28:36:6f:88:18:40:6f:dc:58:c5:75:3f:8a:f5:b5:4b:19:64
Signer

Actual PE Digest

e9:32:20:4a:4a:9f:ee:78:6b:8b:83:e3:1e:2d:28:36:6f:88:18:40:6f:dc:58:c5:75:3f:8a:f5:b5:4b:19:64

Digest Algorithm

sha256

PE Digest Matches

true

a4:cd:56:7d:52:6e:5e:e0:62:61:6a:85:27:7e:27:87:22:3c:1d:0b
Signer

Actual PE Digest

a4:cd:56:7d:52:6e:5e:e0:62:61:6a:85:27:7e:27:87:22:3c:1d:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\minispy\filter\objfre_wlh_x86\i386\revoflt.pdb

Imports

ntoskrnl.exe

CmRegisterCallback
KeQuerySystemTime
ExInitializeNPagedLookasideList
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ObOpenObjectByPointer
ZwOpenKey
KeTickCount
KeBugCheckEx
RtlUnwind
ZwQueryKey
ZwEnumerateValueKey
ZwClose
memset
PsGetCurrentProcessId
KeAreAllApcsDisabled
ObfReferenceObject
IoVolumeDeviceToDosName
ObfDereferenceObject
MmIsAddressValid
ObQueryNameString
PsSetCreateProcessNotifyRoutine
CmUnRegisterCallback
ExDeleteNPagedLookasideList
memcpy
RtlInitUnicodeString
ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
PsGetCurrentThreadId
DbgPrint

hal

KfReleaseSpinLock
KfAcquireSpinLock

fltmgr.sys

FltGetRoutineAddress
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltStartFiltering
FltGetFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltIsDirectory
FltCloseCommunicationPort
FltUnregisterFilter
FltReleaseContext
FltAllocateContext
FltDeleteContext
FltCloseClientPort
FltGetDestinationFileNameInformation

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x86/Win10/revoflt.inf
Revo Uninstaller Pro 5.3.0/App/Revo/x86/Win10/revoflt.sys
.sys windows:10 windows x86 arch:x86

0e3fbb3d71f8ce1204d483096b0e8eca

Code Sign

33:00:00:00:3a:6a:e3:33:70:8f:da:7a:7b:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:31

Not After

05/03/2021, 17:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:bb:66:6d:76:a3:bf:28:02:54:5c:aa:50:43:37:e6:93:4c:41:72:cc:1c:35:4e:c0:8d:6e:4c:89:6c:5e:a3
Signer

Actual PE Digest

dd:bb:66:6d:76:a3:bf:28:02:54:5c:aa:50:43:37:e6:93:4c:41:72:cc:1c:35:4e:c0:8d:6e:4c:89:6c:5e:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ognian\source\repos\revoflt\Release\revoflt.pdb

Imports

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetRoutineAddress
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltIsDirectory
FltAllocateContext
FltDeleteContext
FltReleaseContext
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltGetDestinationFileNameInformation

ntoskrnl.exe

KeAreAllApcsDisabled
ExAllocatePool
ExAllocatePoolWithTag
ExFreePoolWithTag
ExInitializeNPagedLookasideList
KeQuerySystemTime
CmRegisterCallback
CmUnRegisterCallback
ObfReferenceObject
ObfDereferenceObject
ZwClose
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
IoVolumeDeviceToDosName
ObOpenObjectByPointer
ObQueryNameString
memcpy
memset
InterlockedPopEntrySList
InterlockedPushEntrySList
ZwOpenKey
PsGetCurrentThreadId
KeBugCheckEx
RtlInitUnicodeString
RtlUnwind
DbgPrint
ExDeleteNPagedLookasideList

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/App/Revo/x86/revoflt.inf
Revo Uninstaller Pro 5.3.0/App/Revo/x86/revoflt.sys
.sys windows:10 windows x86 arch:x86

0e3fbb3d71f8ce1204d483096b0e8eca

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7a:ae:3b:36:08:69:a3:ba:28:bd:7d:1f:d0:b8:f6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/08/2018, 00:00

Not After

06/08/2021, 12:00

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024247

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7a:ae:3b:36:08:69:a3:ba:28:bd:7d:1f:d0:b8:f6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/08/2018, 00:00

Not After

06/08/2021, 12:00

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024247

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:c9:f1:22:18:29:18:79:b2:01:2e:42:13:6f:d2:df:74:89:73:95:e0:4d:bf:ab:af:c1:45:4b:fd:0c:fa:cc
Signer

Actual PE Digest

eb:c9:f1:22:18:29:18:79:b2:01:2e:42:13:6f:d2:df:74:89:73:95:e0:4d:bf:ab:af:c1:45:4b:fd:0c:fa:cc

Digest Algorithm

sha256

PE Digest Matches

true

60:00:cb:b9:58:23:37:17:ea:3d:c9:a2:53:8e:77:e2:af:84:6b:de
Signer

Actual PE Digest

60:00:cb:b9:58:23:37:17:ea:3d:c9:a2:53:8e:77:e2:af:84:6b:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ognian\source\repos\revoflt\Release\revoflt.pdb

Imports

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetRoutineAddress
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltIsDirectory
FltAllocateContext
FltDeleteContext
FltReleaseContext
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltGetDestinationFileNameInformation

ntoskrnl.exe

KeAreAllApcsDisabled
ExAllocatePool
ExAllocatePoolWithTag
ExFreePoolWithTag
ExInitializeNPagedLookasideList
KeQuerySystemTime
CmRegisterCallback
CmUnRegisterCallback
ObfReferenceObject
ObfDereferenceObject
ZwClose
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
IoVolumeDeviceToDosName
ObOpenObjectByPointer
ObQueryNameString
memcpy
memset
InterlockedPopEntrySList
InterlockedPushEntrySList
ZwOpenKey
PsGetCurrentThreadId
KeBugCheckEx
RtlInitUnicodeString
RtlUnwind
DbgPrint
ExDeleteNPagedLookasideList

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Revo Uninstaller Pro 5.3.0/Revo Uninstaller Pro.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

c4a726be6ec458c19b16bf3893cf4bc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
lstrcmpiW
GetCurrentThreadId
GetProcAddress
GetCommandLineW
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
SetEvent
GetVersionExW
SetCurrentDirectoryW
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetExitCodeThread
CreateThread
CreateFileMappingW
CreateEventW
lstrlenW
GlobalAlloc
CreateProcessW
GetLastError
FormatMessageW
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameW
lstrcatW
GetPrivateProfileIntW
GetPrivateProfileStringW
DuplicateHandle
LoadLibraryA

user32

SetWindowsHookExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
DefWindowProcW
PostMessageW
SetForegroundWindow
CreateWindowExW
GetWindowThreadProcessId
CallWindowProcW
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClassNameW
CallNextHookEx
CharNextW
DialogBoxParamW
MessageBoxW
EndDialog
SetWindowLongW
LoadImageW
GetWindowLongW
EnableWindow
ShowWindow
wsprintfW
LoadStringW
GetDlgItem
SendMessageW
DestroyWindow

advapi32

GetUserNameW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteExW

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/execDos.dll
.dll windows:5 windows x86 arch:x86

a5d239ed12c9442d63c73cb9ff7cad0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
Sleep
lstrcatW
lstrcmpiW
TerminateProcess
ReadFile
GetExitCodeProcess
PeekNamedPipe
CreateFileW
FlushFileBuffers
WriteFile
lstrlenW
CloseHandle
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetProcAddress
GetModuleHandleW
GlobalAlloc
GetExitCodeThread
WaitForSingleObject
CreateThread
lstrcpyW
lstrcpynW

user32

wsprintfW
GetClassNameW
GetDlgItem
FindWindowExW
SendMessageW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

7efb019e000b6e0291c32d00fe622590

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
CloseHandle
WaitForSingleObject
GetProcAddress
lstrlenW
CreateThread
GetCurrentThreadId
Sleep
lstrcpyW
lstrcmpiW
GlobalAlloc
GlobalFree
lstrcpynW

user32

DefWindowProcW
DestroyWindow
IsWindowVisible
UnregisterClassW
EnumDisplaySettingsW
SendMessageW
wsprintfW
SystemParametersInfoW
EndPaint
SetWindowPos
LoadCursorW
RegisterClassW
CreateWindowExW
IsWindow
GetMessageW
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongW
GetClientRect
TranslateMessage
DispatchMessageW
PostMessageW
SetWindowRgn
BeginPaint

gdi32

CombineRgn
GetObjectW
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

winmm

timeSetEvent
PlaySoundW
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_wopen
_close
wcstol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newtextreplace.dll
.dll windows:4 windows x86 arch:x86

42624ab02b71999959eb0f4168f609bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CopyFileW
CreateFileW
FindAtomA
GetAtomNameA
GetFileAttributesW
GetFileSize
GlobalAlloc
GlobalFree
MultiByteToWideChar
ReadFile
SetFileAttributesW
SetFilePointer
WideCharToMultiByte
WriteFile
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

msvcrt

__dllonexit
_assert
_errno
abort
fflush
free
malloc
memset

user32

CharUpperA
wsprintfW

Exports

Exports

_FillReadBuffer
_FindInFile
_FreeReadBuffer
_ReplaceInFile
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

f450890bf454de37198f435d5832e67d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
lstrcpyW
FindClose
FindFirstFileW
lstrcmpW
GetFileSize
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
WriteFile
CloseHandle
lstrlenW
lstrcpynW
lstrcmpiW
lstrcatW
GlobalAlloc
ReadFile
GlobalFree

user32

wsprintfW
CharUpperW
SendMessageW
FindWindowExW
GetDlgItem

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegCloseKey

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStr
_HexToStrUTF16LE
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHex
_StrToHexUTF16LE
_Unload
_Write
_WriteExtra

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp

Sharing

General

Malware Config

Signatures

Files

076ff39e31683654654de3817055b22f

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

c6:16:4c:8a:90:bc:3d:bb:89:c4:ac:fb:60:70:93:58:16:b5:af:7a:0c:bb:4a:3b:94:5e:dd:41:12:bc:2d:07Signer

59:0b:ce:61:0b:09:6a:6e:2c:28:4c:d9:b3:35:c7:df:7d:bd:7f:cbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msi

shlwapi

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 6KB - Virtual size: 6KB

.gfids Size: 512B - Virtual size: 200B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

c09c407823f16fe724e114de86084c8d

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

c6:16:4c:8a:90:bc:3d:bb:89:c4:ac:fb:60:70:93:58:16:b5:af:7a:0c:bb:4a:3b:94:5e:dd:41:12:bc:2d:07
Signer

59:0b:ce:61:0b:09:6a:6e:2c:28:4c:d9:b3:35:c7:df:7d:bd:7f:cb
Signer

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 200B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

92:38:04:39:1f:cc:bd:69:6b:b8:7b:00:2c:33:da:50:99:ec:aa:76:0f:a7:f9:36:de:51:7b:96:69:7b:d8:86
Signer

08:d2:e7:63:00:22:9d:b0:83:0d:3d:ca:5e:15:6c:6e:c4:d0:c8:c2
Signer

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 94KB - Virtual size: 93KB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

7a:8c:82:f4:f3:b9:b1:89:9f:f7:ad:d7:72:ea:84:38:02:5d:91:1b:8d:d1:60:6e:ad:8f:c1:8b:7e:7f:31:ac
Signer

a1:aa:4c:74:62:80:8b:76:18:33:e9:fc:35:db:e5:70:67:b0:c1:23
Signer

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 200B

.tls
Size: 512B - Virtual size: 9B