mscanner-pro[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

mscanner-pro.zip
Size

22.2MB
MD5

b3886bb272059f6ec7365e0614ac3a4a
SHA1

afacecac527d3d759c86394fd7d08ecd19ff5e46
SHA256

3b369bdfac07c59624ec78c74bf6eab2e307cc0b01c5ea240ad03350f432b26a
SHA512

357c3d3c3c924e0da61d32275f1fadf716f1147f97706de3ccb3d7e88a49d42386c82b9aac998eab190cad85510d6dcaa4840f0087aeaa35d092c292349b6b1b
SSDEEP

393216:WB8Qv86GLU2F6tfy0YfXQRyISH35eIft2cGVaTorLGeNIJ2M3tS5eMuKpF4OeX:WB8Qv8lLUe8fyoyvHFft2mo3GpJTtbYo

Score

3^/10

Malware Config

Signatures

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack002/drivers/win7/amd64/MDA_NTDRV.sys
unpack002/drivers/win7/i386/MDA_NTDRV.sys
unpack002/drivers/winlh/amd64/MDA_NTDRV.sys
unpack002/drivers/winlh/i386/MDA_NTDRV.sys
unpack002/drivers/winnet/i386/MDA_NTDRV.sys
unpack002/drivers/winxp/i386/MDA_NTDRV.sys
unpack003/drivers/win7/amd64/MDA_NTDRV.sys
unpack003/drivers/win7/i386/MDA_NTDRV.sys
unpack003/drivers/winlh/amd64/MDA_NTDRV.sys
unpack003/drivers/winlh/i386/MDA_NTDRV.sys
unpack003/drivers/winnet/i386/MDA_NTDRV.sys
unpack003/drivers/winxp/i386/MDA_NTDRV.sys
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsDialogs.dll
unpack005/drivers/win7/amd64/MDA_NTDRV.sys
unpack005/drivers/win7/i386/MDA_NTDRV.sys
unpack005/drivers/winlh/amd64/MDA_NTDRV.sys
unpack005/drivers/winlh/i386/MDA_NTDRV.sys
unpack005/drivers/winnet/i386/MDA_NTDRV.sys
unpack005/drivers/winxp/i386/MDA_NTDRV.sys

Files

mscanner-pro.zip
.zip
mscanner-pro-portable/x64/core.dll
.zip
drivers/win7/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c7bce6d53c2b7a032ae8e88bd6efa8f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\Win7\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoGetLowerDeviceObject
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
RtlCompareUnicodeString
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
ObDereferenceObjectDeferDelete
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/win7/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c50e07f3c00e76404fa0d1348a11541a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\Win7\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winlh/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c7bce6d53c2b7a032ae8e88bd6efa8f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\WinLH\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoGetLowerDeviceObject
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
RtlCompareUnicodeString
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
ObDereferenceObjectDeferDelete
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winlh/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c50e07f3c00e76404fa0d1348a11541a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinLH\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winnet/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c6c3757641cc088e31875efbec074068

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93
Signer

Actual PE Digest

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93

Digest Algorithm

sha256

PE Digest Matches

true

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8
Signer

Actual PE Digest

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\WinNET\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winnet/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c282198bc24c5a8e2d143c1f82a4470a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinNET\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winxp/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c282198bc24c5a8e2d143c1f82a4470a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinXP\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscanner-pro-portable/x64/dm.api
.dll windows:5 windows x64 arch:x64

351b182fefb6c188a88749b83afabad1

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:d3:58:f0:5e:31:d8:d4:e3:43:80:28:5c:46:4c:40
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/06/2023, 00:00

Not After

29/06/2025, 23:59

Subject

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetDateFormatA
FindNextFileW
DeleteFileW
CloseHandle
GetLocalTime
FindClose
GetVersionExW
CopyFileW
GetLocaleInfoW
WideCharToMultiByte
GetUserDefaultLangID
WaitForSingleObject
CreateProcessW
FindFirstFileW
SetThreadExecutionState
CreateFileA
lstrcpyW
lstrlenW
lstrcpynW
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
MultiByteToWideChar
OutputDebugStringW
OutputDebugStringA
FreeLibrary
GetCurrentProcess
GetModuleHandleW
GetCurrentThread
GetSystemDirectoryW
LoadLibraryW
Sleep
ReadFile
GetLastError
GetProcAddress
LoadLibraryA
RemoveDirectoryW
CreatePipe
GetModuleFileNameA
SetFileAttributesW
GlobalMemoryStatusEx
GetSystemInfo
LocalFree
PeekNamedPipe
SetEvent
GetExitCodeProcess
TerminateProcess
CreateEventW
WaitForMultipleObjects
GetTempPathW
CreateDirectoryA
GetSystemWindowsDirectoryW
GetExitCodeThread
CreateThread
GetTempFileNameW
FindVolumeClose
GetDriveTypeW
CreateDirectoryW
FindNextVolumeW
GetModuleFileNameW
GetLongPathNameW
MoveFileW
FindFirstVolumeW
DecodePointer
EncodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
GetStdHandle
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapSize
ExitProcess
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeFormatA

user32

ExitWindowsEx
SetActiveWindow
SetCapture
SetFocus
MessageBoxW
ReleaseCapture
EnableWindow
wsprintfW
GetSystemMetrics

shell32

ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHEmptyRecycleBinW
SHGetMalloc
SHGetFolderLocation

shlwapi

PathRemoveFileSpecW
StrStrIW
PathFileExistsW
SHCreateStreamOnFileEx

ntdll

ZwSetInformationFile
RtlDeleteCriticalSection
ZwDeleteFile
RtlLeaveCriticalSection
ZwDeviceIoControlFile
ZwQueryInformationProcess
ZwLoadKey
ZwOpenFile
ZwQueryInformationToken
ZwAdjustPrivilegesToken
ZwOpenProcessToken
NtSetVolumeInformationFile
ZwSetValueKey
RtlGetVersion
RtlInitAnsiString
RtlInitUnicodeString
ZwReadFile
RtlSystemTimeToLocalTime
RtlQueryEnvironmentVariable_U
ZwQuerySystemTime
ZwFsControlFile
RtlAnsiStringToUnicodeString
RtlEnterCriticalSection
ZwUnloadKey
ZwQueryInformationFile
ZwWriteFile
RtlInitializeCriticalSection
ZwDelayExecution
RtlDosPathNameToNtPathName_U
ZwAllocateVirtualMemory
ZwOpenKey
ZwAllocateUuids
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
RtlFreeUnicodeString
NtQueryVolumeInformationFile
ZwCreateFile
ZwQueryValueKey
ZwQueryDirectoryFile
ZwFreeVirtualMemory
RtlNtStatusToDosError
ZwEnumerateValueKey
ZwClose
ZwFlushKey
RtlTimeToTimeFields
ZwQueryAttributesFile
ZwFlushBuffersFile

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

dbghelp

MiniDumpWriteDump

advapi32

DeleteService
OpenThreadToken
GetUserNameW
GetTokenInformation
EqualSid
LookupPrivilegeValueW
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
RegFlushKey
AdjustTokenPrivileges
RegCloseKey
DeleteAce
GetAclInformation
SetNamedSecurityInfoW
GetAce
ControlService
OpenSCManagerA
StartServiceA
OpenServiceW
OpenProcessToken
CloseServiceHandle
CreateServiceW
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetNamedSecurityInfoW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SafeArrayPutElement
SafeArrayCreateVectorEx
SafeArrayDestroy
SysAllocString

msi

ord66
ord173
ord70
ord41
ord45

Exports

Exports

aboveWin10
addBootEntry
addLogicalDrive
addPve
adjustorBegin
adjustorEnd
alignNtfsClust
alignNtfsClust1
alignPart
alignParts1
allowConv2FAT32
allowConv2Gpt
allowConv2Logical
allowConvDynamic2Basic
allowCpyDisk
allowExtendNtfsVolume
allowMigrateOs
applConf
assignDriveLetter
batchFileBakPath
batchFileExist
batchFilePath
blkChkerLogName
bootPve
breakCommand
changeLogicalDrive
checkUpdate
checkVolSize
checkWinPeType
chkBlk
cleanPves
clearExecutionState
clearLastOpErr
clearPves
cloneDeviceView
closeBatchCmds
closeBlkChker
closeCommand
closeDevice
closeMsgQueue
closeRecyclebinFiles
compFile
cpyDisk
createBatchCmds
createBlkChker
createCommand
createDevice
createDeviceView
createDiskUuidFile
createDummyPves
createMsgQueue
createRecyclebinFiles
createSnapshot
defaultSsPerClust
delAllBootEntries
delBatchFile
delBootEntry
delDir
delGptReservedPart
delPve
dirExists
disablePagingExecutiveValue
dve
dynamic2Basic
emptyRecyclebin
enumDisks
errText
estimateUsedSects
estimateUsedSects4Merge
exec
extendPve
extendSpace
extendedPves
fileDiff
files4Wiper
files4Wiper2
firstNePve
firstNePve2
forceLock
fsRange
getLastOpErr
getProductName
getProductName2
gpt2Mbr
gptPart2MbrLogical
gptPart2MbrPrimary
hasNewVerion
hasOtherOs
initDves
initEmptyPve
integrityCheck
is32ProgramOnWin64Os
is64BitProgram
isAdminAcct
isDbrDisk
isDynamicDisk
isEmptyDisk
isExtPart
isGptDisk
isGptEfiSystemPart
isGptMsrPart
isGptSysPart
isMbrDisk
isMounted
isRecoveryPart
isSectorsCpy
isServer
isSysPart
isVolumeExist
isWinPe
langDefaultId
langOpen
langOpen2
langTxt
langTxtW
lastNePve
lockVolume
logicalDrives
logstr
makePe
manageDriver
maxLabelLen
mbr2Gpt
mergePves
mergeSpace
mergeUs2Pve
migrateOs
moduleDir
movSpace
need2Shutdown
need2UpdateSystem
numOfBlks
numOfDisks
numOfDrives
numOfDves
numOfLangs
numOfLdmDves
numOfMdaDrvCallers
numOfMsgs
numOfNePves
numOfNePves2
numOfOsPves
numOfPves
numOfRecyclebinFiles
osVersionNumbers
partMaximum
partMinSects
partMinimum
partMinimum1
partReserved
partTyp
peekMsg
popMsg
postMsg
psi
pushCmd
pve
pveChanged
queryDve
rangeOfSsPerClust
readActivRec2
readOsVersion
readOsVersion2
readPipe
readVersion
ready2Perform
rebootSystem
rebuildPves
recyclebinFile
refresh
releaseDeviceView
releaseDummyPves
releasePves4Ex
removeLogicalDrive
removeLogicalDrives
runInEFIMode
saveCmds2File
saveGlobalInfo
saveGlobalInfo2
seekNePve
seekNePve2
seekNextNePve
seekPve
sendEmail
setAutoMount
setDisablePagingExecutive
setDiskOffline
setDiskReadonly
setExceptionFilter
setExecutionState
setLastOpErr
setupCore
setupCore2
setupDriverName
shutdownSystem
siOfBootPart
siOfSysPart
siOn1stPaint
size2Str
specialDir
sqliteClose
sqliteCloseDb
sqliteCreate
sqliteExec
sqliteOpenDb
startingSector
sysPve
systemBits
systemInfo2Log
tryLockVolume
uncompressNtfsFile
unmountVolume
updateSystem
validate
visibleSects
visibleSects1
windowsDir
wiperLogName
writeActivRec2
writeBlkChkerLog

Sections

.text
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dll_sha
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscanner-pro-portable/x64/dm.st.exe
.exe windows:5 windows x64 arch:x64

1fa08bc506abdedc32ce7588aa02e757

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:d3:58:f0:5e:31:d8:d4:e3:43:80:28:5c:46:4c:40
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/06/2023, 00:00

Not After

29/06/2025, 23:59

Subject

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenuEx
TrackPopupMenu
ToUnicode
ToAsciiEx
TabbedTextOutA
TabbedTextOutW
SystemParametersInfoW
SubtractRect
AnimateWindow
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenuInfo
SetMenuDefaultItem
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadMenuW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsMenu
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetTopWindow
GetTabbedTextExtentA
GetTabbedTextExtentW
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DragDetect
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPointEx
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrcmpW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
SleepEx
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
OutputDebugStringW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetSystemTimes
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep
GetStringTypeW

gdi32

WidenPath
UpdateColors
UnrealizeObject
TextOutA
TextOutW
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextJustification
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RectInRegion
RealizePalette
PtInRegion
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
OffsetWindowOrgEx
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointA
GetTextExtentExPointW
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectW
GetNearestPaletteIndex
GetNearestColor
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBitmapBits
GdiFlush
FrameRgn
FillRgn
FillPath
ExtTextOutA
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExcludeClipRect
EqualRgn
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

gdiplus

GdipDrawCachedBitmap
GdipMeasureDriverString
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipMeasureString
GdipDrawString
GdipComment
GdipEndContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRectI
GdipIsVisibleRect
GdipIsVisiblePointI
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipGetVisibleClipBoundsI
GdipGetVisibleClipBounds
GdipIsClipEmpty
GdipGetClipBoundsI
GdipGetClipBounds
GdipGetClip
GdipTranslateClipI
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipPath
GdipSetClipRectI
GdipSetClipRect
GdipSetClipGraphics
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestRectI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoint
GdipDrawImagePointsRectI
GdipDrawImagePointsRect
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipDrawImagePointRect
GdipDrawImagePointsI
GdipDrawImagePoints
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageI
GdipDrawImage
GdipFillRegion
GdipFillClosedCurve2I
GdipFillClosedCurve2
GdipFillClosedCurveI
GdipFillClosedCurve
GdipFillPath
GdipFillPieI
GdipFillPie
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillPolygon
GdipFillRectanglesI
GdipFillRectangles
GdipFillRectangleI
GdipFillRectangle
GdipGraphicsClear
GdipDrawClosedCurve2I
GdipDrawClosedCurve2
GdipDrawClosedCurveI
GdipDrawClosedCurve
GdipDrawCurve3I
GdipDrawCurve3
GdipDrawCurve2I
GdipDrawCurve2
GdipDrawCurveI
GdipDrawCurve
GdipDrawPath
GdipDrawPolygonI
GdipDrawPolygon
GdipDrawPieI
GdipDrawPie
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectanglesI
GdipDrawRectangles
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawBeziersI
GdipDrawBeziers
GdipDrawBezierI
GdipDrawBezier
GdipDrawArcI
GdipDrawArc
GdipDrawLinesI
GdipDrawLines
GdipDrawLineI
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipSetPageScale
GdipSetPageUnit
GdipGetPageScale
GdipGetPageUnit
GdipGetWorldTransform
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipSetWorldTransform
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextContrast
GdipSetTextContrast
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipGetRenderingOrigin
GdipSetRenderingOrigin
GdipGetCompositingMode
GdipSetCompositingMode
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFromHDC2
GdipCreateFromHDC
GdipFlush
GdipSetPropertyItem
GdipRemovePropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipGetImagePaletteSize
GdipSetImagePalette
GdipGetImagePalette
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdipGetImageDimension
GdipGetImageBounds
GdipGetImageGraphicsContext
GdipSaveAddImage
GdipSaveAdd
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipGetCustomLineCapWidthScale
GdipSetCustomLineCapWidthScale
GdipGetCustomLineCapBaseInset
GdipSetCustomLineCapBaseInset
GdipGetCustomLineCapBaseCap
GdipSetCustomLineCapBaseCap
GdipGetCustomLineCapStrokeJoin
GdipSetCustomLineCapStrokeJoin
GdipGetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeCaps
GdipCloneCustomLineCap
GdipDeleteCustomLineCap
GdipCreateCustomLineCap
GdipGetPenCompoundArray
GdipSetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenDashArray
GdipSetPenDashArray
GdipGetPenDashCount
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipGetPenFillType
GdipGetPenBrushFill
GdipSetPenBrushFill
GdipGetPenColor
GdipSetPenColor
GdipRotatePenTransform
GdipScalePenTransform
GdipTranslatePenTransform
GdipMultiplyPenTransform
GdipResetPenTransform
GdipGetPenTransform
GdipSetPenTransform
GdipGetPenMode
GdipSetPenMode
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipGetPenCustomEndCap
GdipSetPenCustomEndCap
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineCap197819
GdipGetPenWidth
GdipSetPenWidth
GdipDeletePen
GdipClonePen
GdipCreatePen2
GdipCreatePen1
GdipRotateLineTransform
GdipScaleLineTransform
GdipTranslateLineTransform
GdipMultiplyLineTransform
GdipResetLineTransform
GdipSetLineTransform
GdipGetLineTransform
GdipGetLineWrapMode
GdipSetLineWrapMode
GdipSetLineLinearBlend
GdipSetLineSigmaBlend
GdipSetLinePresetBlend
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipSetLineBlend
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineGammaCorrection
GdipSetLineGammaCorrection
GdipGetLineRectI
GdipGetLineRect
GdipGetLineColors
GdipSetLineColors
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRect
GdipCreateLineBrushI
GdipCreateLineBrush
GdipGetSolidFillColor
GdipSetSolidFillColor
GdipCreateSolidFill
GdipGetTextureImage
GdipGetTextureWrapMode
GdipSetTextureWrapMode
GdipRotateTextureTransform
GdipScaleTextureTransform
GdipTranslateTextureTransform
GdipMultiplyTextureTransform
GdipResetTextureTransform
GdipSetTextureTransform
GdipGetTextureTransform
GdipCreateTextureIAI
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTexture2
GdipCreateTexture
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipCreateHatchBrush
GdipGetBrushType
GdipDeleteBrush
GdipCloneBrush
GdipGetRegionScansI
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRectI
GdipIsVisibleRegionRect
GdipIsVisibleRegionPointI
GdipIsVisibleRegionPoint
GdipGetRegionData
GdipGetRegionDataSize
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionBoundsI
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegionI
GdipTranslateRegion
GdipCombineRegionRegion
GdipCombineRegionPath
GdipCombineRegionRectI
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipDeleteRegion
GdipCloneRegion
GdipCreateRegionHrgn
GdipCreateRegionRgnData
GdipCreateRegionPath
GdipCreateRegionRectI
GdipCreateRegionRect
GdipCreateRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipGetMatrixElements
GdipVectorTransformMatrixPointsI
GdipVectorTransformMatrixPoints
GdipTransformMatrixPointsI
GdipTransformMatrixPoints
GdipInvertMatrix
GdipShearMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipMultiplyMatrix
GdipSetMatrixElements
GdipDeleteMatrix
GdipCloneMatrix
GdipCreateMatrix3I
GdipCreateMatrix3
GdipCreateMatrix2
GdipCreateMatrix
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

dm.api

hasNewVerion
readVersion
osVersionNumbers
systemBits
is32ProgramOnWin64Os
isWinPe
is64BitProgram
isServer
readOsVersion
systemInfo2Log
logstr
applConf
shutdownSystem
isAdminAcct
clearExecutionState
setExecutionState
fileDiff
delDir
dirExists
moduleDir
langTxtW
langOpen2
langDefaultId
closeBlkChker
writeBlkChkerLog
blkChkerLogName
chkBlk
numOfBlks
createBlkChker
closeDevice
createDevice
numOfMdaDrvCallers
manageDriver
setupDriverName
writeActivRec2
readActivRec2
adjustorBegin
clearPves
getProductName
psi
pve
dve
numOfDves
refresh
releaseDeviceView
cloneDeviceView
createDeviceView

winmm

timeGetTime
PlaySoundW

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 753KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 496B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mscanner-pro-portable/x64/languages/ARJ.lng
mscanner-pro-portable/x64/languages/BGR.lng
mscanner-pro-portable/x64/languages/CHS.lng
mscanner-pro-portable/x64/languages/CHT.lng
mscanner-pro-portable/x64/languages/CSY.lng
mscanner-pro-portable/x64/languages/DEU.lng
mscanner-pro-portable/x64/languages/ELL.lng
mscanner-pro-portable/x64/languages/ENG.lng
mscanner-pro-portable/x64/languages/ESP.lng
mscanner-pro-portable/x64/languages/FIN.lng
mscanner-pro-portable/x64/languages/FRA.lng
mscanner-pro-portable/x64/languages/HEB.lng
mscanner-pro-portable/x64/languages/HRV.lng
mscanner-pro-portable/x64/languages/HUN.lng
mscanner-pro-portable/x64/languages/ITA.lng
mscanner-pro-portable/x64/languages/JPN.lng
.ps1
mscanner-pro-portable/x64/languages/KOR.lng
mscanner-pro-portable/x64/languages/NLD.lng
mscanner-pro-portable/x64/languages/NOR.lng
mscanner-pro-portable/x64/languages/PLK.lng
mscanner-pro-portable/x64/languages/PTG.lng
mscanner-pro-portable/x64/languages/ROM.lng
mscanner-pro-portable/x64/languages/RUS.lng
.ps1
mscanner-pro-portable/x64/languages/SLV.lng
mscanner-pro-portable/x64/languages/SVE.lng
mscanner-pro-portable/x64/languages/TRK.lng
mscanner-pro-portable/x64/languages/UKR.lng
mscanner-pro-portable/x64/pro.api
mscanner-pro-portable/x64/readme.url
.url
mscanner-pro-portable/x86/core.dll
.zip
drivers/win7/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c7bce6d53c2b7a032ae8e88bd6efa8f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\Win7\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoGetLowerDeviceObject
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
RtlCompareUnicodeString
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
ObDereferenceObjectDeferDelete
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/win7/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c50e07f3c00e76404fa0d1348a11541a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\Win7\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winlh/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c7bce6d53c2b7a032ae8e88bd6efa8f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\WinLH\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoGetLowerDeviceObject
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
RtlCompareUnicodeString
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
ObDereferenceObjectDeferDelete
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winlh/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c50e07f3c00e76404fa0d1348a11541a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinLH\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winnet/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c6c3757641cc088e31875efbec074068

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93
Signer

Actual PE Digest

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93

Digest Algorithm

sha256

PE Digest Matches

true

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8
Signer

Actual PE Digest

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\WinNET\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winnet/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c282198bc24c5a8e2d143c1f82a4470a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinNET\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winxp/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c282198bc24c5a8e2d143c1f82a4470a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinXP\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscanner-pro-portable/x86/dm.api
.dll windows:5 windows x86 arch:x86

48be9861e036760e6ee3fb322a536b5b

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:d3:58:f0:5e:31:d8:d4:e3:43:80:28:5c:46:4c:40
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/06/2023, 00:00

Not After

29/06/2025, 23:59

Subject

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Max\Work\projects\dm\bin\Win32\release\dm.pdb

Imports

kernel32

GetTimeFormatA
FindNextFileW
DeleteFileW
CloseHandle
GetLocalTime
FindClose
GetVersionExW
CopyFileW
GetLocaleInfoW
WideCharToMultiByte
GetUserDefaultLangID
WaitForSingleObject
CreateProcessW
FindFirstFileW
SetThreadExecutionState
CreateFileA
lstrcpyW
lstrlenW
lstrcpynW
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
MultiByteToWideChar
OutputDebugStringW
OutputDebugStringA
FreeLibrary
GetCurrentProcess
GetModuleHandleW
GetCurrentThread
GetSystemDirectoryW
LoadLibraryW
Sleep
ReadFile
GetLastError
GetProcAddress
LoadLibraryA
RemoveDirectoryW
CreatePipe
GetModuleFileNameA
SetFileAttributesW
GlobalMemoryStatusEx
GetSystemInfo
LocalFree
PeekNamedPipe
SetEvent
GetExitCodeProcess
TerminateProcess
CreateEventW
WaitForMultipleObjects
GetTempPathW
CreateDirectoryA
GetSystemWindowsDirectoryW
GetExitCodeThread
CreateThread
GetTempFileNameW
FindVolumeClose
GetDriveTypeW
CreateDirectoryW
FindNextVolumeW
GetModuleFileNameW
GetLongPathNameW
MoveFileW
FindFirstVolumeW
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
HeapAlloc
RaiseException
IsProcessorFeaturePresent
HeapSize
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetDateFormatA

user32

ExitWindowsEx
SetActiveWindow
SetCapture
SetFocus
MessageBoxW
ReleaseCapture
EnableWindow
wsprintfW
GetSystemMetrics

shell32

ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHEmptyRecycleBinW
SHGetMalloc
SHGetFolderLocation

shlwapi

PathRemoveFileSpecW
StrStrIW
PathFileExistsW
SHCreateStreamOnFileEx

ntdll

ZwSetInformationFile
RtlDeleteCriticalSection
ZwDeleteFile
RtlLeaveCriticalSection
ZwDeviceIoControlFile
ZwQueryInformationProcess
ZwLoadKey
ZwOpenFile
ZwQueryInformationToken
ZwAdjustPrivilegesToken
ZwOpenProcessToken
NtSetVolumeInformationFile
ZwSetValueKey
RtlGetVersion
RtlInitAnsiString
RtlInitUnicodeString
ZwReadFile
RtlSystemTimeToLocalTime
RtlQueryEnvironmentVariable_U
ZwQuerySystemTime
ZwFsControlFile
RtlAnsiStringToUnicodeString
RtlEnterCriticalSection
ZwUnloadKey
ZwQueryInformationFile
ZwWriteFile
RtlInitializeCriticalSection
ZwDelayExecution
RtlDosPathNameToNtPathName_U
ZwAllocateVirtualMemory
ZwOpenKey
ZwAllocateUuids
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
RtlFreeUnicodeString
NtQueryVolumeInformationFile
ZwCreateFile
ZwQueryValueKey
ZwQueryDirectoryFile
ZwFreeVirtualMemory
RtlNtStatusToDosError
ZwEnumerateValueKey
ZwClose
ZwFlushKey
RtlTimeToTimeFields
ZwQueryAttributesFile
ZwFlushBuffersFile

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

dbghelp

MiniDumpWriteDump

advapi32

DeleteService
OpenThreadToken
GetUserNameW
GetTokenInformation
EqualSid
LookupPrivilegeValueW
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
RegFlushKey
AdjustTokenPrivileges
RegCloseKey
DeleteAce
GetAclInformation
SetNamedSecurityInfoW
GetAce
ControlService
OpenSCManagerA
StartServiceA
OpenServiceW
OpenProcessToken
CloseServiceHandle
CreateServiceW
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetNamedSecurityInfoW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SafeArrayPutElement
SafeArrayCreateVectorEx
SafeArrayDestroy
SysAllocString

msi

ord66
ord173
ord70
ord41
ord45

Exports

Exports

aboveWin10
addBootEntry
addLogicalDrive
addPve
adjustorBegin
adjustorEnd
alignNtfsClust
alignNtfsClust1
alignPart
alignParts1
allowConv2FAT32
allowConv2Gpt
allowConv2Logical
allowConvDynamic2Basic
allowCpyDisk
allowExtendNtfsVolume
allowMigrateOs
applConf
assignDriveLetter
batchFileBakPath
batchFileExist
batchFilePath
blkChkerLogName
bootPve
breakCommand
changeLogicalDrive
checkUpdate
checkVolSize
checkWinPeType
chkBlk
cleanPves
clearExecutionState
clearLastOpErr
clearPves
cloneDeviceView
closeBatchCmds
closeBlkChker
closeCommand
closeDevice
closeMsgQueue
closeRecyclebinFiles
compFile
cpyDisk
createBatchCmds
createBlkChker
createCommand
createDevice
createDeviceView
createDiskUuidFile
createDummyPves
createMsgQueue
createRecyclebinFiles
createSnapshot
defaultSsPerClust
delAllBootEntries
delBatchFile
delBootEntry
delDir
delGptReservedPart
delPve
dirExists
disablePagingExecutiveValue
dve
dynamic2Basic
emptyRecyclebin
enumDisks
errText
estimateUsedSects
estimateUsedSects4Merge
exec
extendPve
extendSpace
extendedPves
fileDiff
files4Wiper
files4Wiper2
firstNePve
firstNePve2
forceLock
fsRange
getLastOpErr
getProductName
getProductName2
gpt2Mbr
gptPart2MbrLogical
gptPart2MbrPrimary
hasNewVerion
hasOtherOs
initDves
initEmptyPve
integrityCheck
is32ProgramOnWin64Os
is64BitProgram
isAdminAcct
isDbrDisk
isDynamicDisk
isEmptyDisk
isExtPart
isGptDisk
isGptEfiSystemPart
isGptMsrPart
isGptSysPart
isMbrDisk
isMounted
isRecoveryPart
isSectorsCpy
isServer
isSysPart
isVolumeExist
isWinPe
langDefaultId
langOpen
langOpen2
langTxt
langTxtW
lastNePve
lockVolume
logicalDrives
logstr
makePe
manageDriver
maxLabelLen
mbr2Gpt
mergePves
mergeSpace
mergeUs2Pve
migrateOs
moduleDir
movSpace
need2Shutdown
need2UpdateSystem
numOfBlks
numOfDisks
numOfDrives
numOfDves
numOfLangs
numOfLdmDves
numOfMdaDrvCallers
numOfMsgs
numOfNePves
numOfNePves2
numOfOsPves
numOfPves
numOfRecyclebinFiles
osVersionNumbers
partMaximum
partMinSects
partMinimum
partMinimum1
partReserved
partTyp
peekMsg
popMsg
postMsg
psi
pushCmd
pve
pveChanged
queryDve
rangeOfSsPerClust
readActivRec2
readOsVersion
readOsVersion2
readPipe
readVersion
ready2Perform
rebootSystem
rebuildPves
recyclebinFile
refresh
releaseDeviceView
releaseDummyPves
releasePves4Ex
removeLogicalDrive
removeLogicalDrives
runInEFIMode
saveCmds2File
saveGlobalInfo
saveGlobalInfo2
seekNePve
seekNePve2
seekNextNePve
seekPve
sendEmail
setAutoMount
setDisablePagingExecutive
setDiskOffline
setDiskReadonly
setExceptionFilter
setExecutionState
setLastOpErr
setupCore
setupCore2
setupDriverName
shutdownSystem
siOfBootPart
siOfSysPart
siOn1stPaint
size2Str
specialDir
sqliteClose
sqliteCloseDb
sqliteCreate
sqliteExec
sqliteOpenDb
startingSector
sysPve
systemBits
systemInfo2Log
tryLockVolume
uncompressNtfsFile
unmountVolume
updateSystem
validate
visibleSects
visibleSects1
windowsDir
wiperLogName
writeActivRec2
writeBlkChkerLog

Sections

.text
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dll_sha
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscanner-pro-portable/x86/dm.st.exe
.exe windows:5 windows x86 arch:x86

31b05fa1bc23aebb211e9d4a572d91b8

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:d3:58:f0:5e:31:d8:d4:e3:43:80:28:5c:46:4c:40
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/06/2023, 00:00

Not After

29/06/2025, 23:59

Subject

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenuEx
TrackPopupMenu
ToUnicode
ToAsciiEx
TabbedTextOutA
TabbedTextOutW
SystemParametersInfoW
SubtractRect
AnimateWindow
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenuInfo
SetMenuDefaultItem
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadMenuW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsMenu
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetTopWindow
GetTabbedTextExtentA
GetTabbedTextExtentW
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DragDetect
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPointEx
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrcmpW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
SleepEx
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
OutputDebugStringW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetSystemTimes
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep
GetStringTypeW

gdi32

WidenPath
UpdateColors
UnrealizeObject
TextOutA
TextOutW
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextJustification
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RectInRegion
RealizePalette
PtInRegion
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
OffsetWindowOrgEx
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointA
GetTextExtentExPointW
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectW
GetNearestPaletteIndex
GetNearestColor
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBitmapBits
GdiFlush
FrameRgn
FillRgn
FillPath
ExtTextOutA
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExcludeClipRect
EqualRgn
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

gdiplus

GdipDrawCachedBitmap
GdipMeasureDriverString
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipMeasureString
GdipDrawString
GdipComment
GdipEndContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRectI
GdipIsVisibleRect
GdipIsVisiblePointI
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipGetVisibleClipBoundsI
GdipGetVisibleClipBounds
GdipIsClipEmpty
GdipGetClipBoundsI
GdipGetClipBounds
GdipGetClip
GdipTranslateClipI
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipPath
GdipSetClipRectI
GdipSetClipRect
GdipSetClipGraphics
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestRectI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoint
GdipDrawImagePointsRectI
GdipDrawImagePointsRect
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipDrawImagePointRect
GdipDrawImagePointsI
GdipDrawImagePoints
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageI
GdipDrawImage
GdipFillRegion
GdipFillClosedCurve2I
GdipFillClosedCurve2
GdipFillClosedCurveI
GdipFillClosedCurve
GdipFillPath
GdipFillPieI
GdipFillPie
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillPolygon
GdipFillRectanglesI
GdipFillRectangles
GdipFillRectangleI
GdipFillRectangle
GdipGraphicsClear
GdipDrawClosedCurve2I
GdipDrawClosedCurve2
GdipDrawClosedCurveI
GdipDrawClosedCurve
GdipDrawCurve3I
GdipDrawCurve3
GdipDrawCurve2I
GdipDrawCurve2
GdipDrawCurveI
GdipDrawCurve
GdipDrawPath
GdipDrawPolygonI
GdipDrawPolygon
GdipDrawPieI
GdipDrawPie
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectanglesI
GdipDrawRectangles
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawBeziersI
GdipDrawBeziers
GdipDrawBezierI
GdipDrawBezier
GdipDrawArcI
GdipDrawArc
GdipDrawLinesI
GdipDrawLines
GdipDrawLineI
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipSetPageScale
GdipSetPageUnit
GdipGetPageScale
GdipGetPageUnit
GdipGetWorldTransform
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipSetWorldTransform
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextContrast
GdipSetTextContrast
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipGetRenderingOrigin
GdipSetRenderingOrigin
GdipGetCompositingMode
GdipSetCompositingMode
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFromHDC2
GdipCreateFromHDC
GdipFlush
GdipSetPropertyItem
GdipRemovePropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipGetImagePaletteSize
GdipSetImagePalette
GdipGetImagePalette
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdipGetImageDimension
GdipGetImageBounds
GdipGetImageGraphicsContext
GdipSaveAddImage
GdipSaveAdd
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipGetCustomLineCapWidthScale
GdipSetCustomLineCapWidthScale
GdipGetCustomLineCapBaseInset
GdipSetCustomLineCapBaseInset
GdipGetCustomLineCapBaseCap
GdipSetCustomLineCapBaseCap
GdipGetCustomLineCapStrokeJoin
GdipSetCustomLineCapStrokeJoin
GdipGetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeCaps
GdipCloneCustomLineCap
GdipDeleteCustomLineCap
GdipCreateCustomLineCap
GdipGetPenCompoundArray
GdipSetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenDashArray
GdipSetPenDashArray
GdipGetPenDashCount
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipGetPenFillType
GdipGetPenBrushFill
GdipSetPenBrushFill
GdipGetPenColor
GdipSetPenColor
GdipRotatePenTransform
GdipScalePenTransform
GdipTranslatePenTransform
GdipMultiplyPenTransform
GdipResetPenTransform
GdipGetPenTransform
GdipSetPenTransform
GdipGetPenMode
GdipSetPenMode
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipGetPenCustomEndCap
GdipSetPenCustomEndCap
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineCap197819
GdipGetPenWidth
GdipSetPenWidth
GdipDeletePen
GdipClonePen
GdipCreatePen2
GdipCreatePen1
GdipRotateLineTransform
GdipScaleLineTransform
GdipTranslateLineTransform
GdipMultiplyLineTransform
GdipResetLineTransform
GdipSetLineTransform
GdipGetLineTransform
GdipGetLineWrapMode
GdipSetLineWrapMode
GdipSetLineLinearBlend
GdipSetLineSigmaBlend
GdipSetLinePresetBlend
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipSetLineBlend
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineGammaCorrection
GdipSetLineGammaCorrection
GdipGetLineRectI
GdipGetLineRect
GdipGetLineColors
GdipSetLineColors
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRect
GdipCreateLineBrushI
GdipCreateLineBrush
GdipGetSolidFillColor
GdipSetSolidFillColor
GdipCreateSolidFill
GdipGetTextureImage
GdipGetTextureWrapMode
GdipSetTextureWrapMode
GdipRotateTextureTransform
GdipScaleTextureTransform
GdipTranslateTextureTransform
GdipMultiplyTextureTransform
GdipResetTextureTransform
GdipSetTextureTransform
GdipGetTextureTransform
GdipCreateTextureIAI
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTexture2
GdipCreateTexture
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipCreateHatchBrush
GdipGetBrushType
GdipDeleteBrush
GdipCloneBrush
GdipGetRegionScansI
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRectI
GdipIsVisibleRegionRect
GdipIsVisibleRegionPointI
GdipIsVisibleRegionPoint
GdipGetRegionData
GdipGetRegionDataSize
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionBoundsI
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegionI
GdipTranslateRegion
GdipCombineRegionRegion
GdipCombineRegionPath
GdipCombineRegionRectI
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipDeleteRegion
GdipCloneRegion
GdipCreateRegionHrgn
GdipCreateRegionRgnData
GdipCreateRegionPath
GdipCreateRegionRectI
GdipCreateRegionRect
GdipCreateRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipGetMatrixElements
GdipVectorTransformMatrixPointsI
GdipVectorTransformMatrixPoints
GdipTransformMatrixPointsI
GdipTransformMatrixPoints
GdipInvertMatrix
GdipShearMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipMultiplyMatrix
GdipSetMatrixElements
GdipDeleteMatrix
GdipCloneMatrix
GdipCreateMatrix3I
GdipCreateMatrix3
GdipCreateMatrix2
GdipCreateMatrix
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

dm.api

hasNewVerion
readVersion
osVersionNumbers
systemBits
is32ProgramOnWin64Os
isWinPe
is64BitProgram
isServer
readOsVersion
systemInfo2Log
logstr
applConf
shutdownSystem
isAdminAcct
clearExecutionState
setExecutionState
fileDiff
delDir
dirExists
moduleDir
langTxtW
langOpen2
langDefaultId
closeBlkChker
writeBlkChkerLog
blkChkerLogName
chkBlk
numOfBlks
createBlkChker
closeDevice
createDevice
numOfMdaDrvCallers
manageDriver
setupDriverName
writeActivRec2
readActivRec2
adjustorBegin
clearPves
getProductName
psi
pve
dve
numOfDves
refresh
releaseDeviceView
cloneDeviceView
createDeviceView

winmm

timeGetTime
PlaySoundW

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mscanner-pro-portable/x86/languages/ARJ.lng
mscanner-pro-portable/x86/languages/BGR.lng
mscanner-pro-portable/x86/languages/CHS.lng
mscanner-pro-portable/x86/languages/CHT.lng
mscanner-pro-portable/x86/languages/CSY.lng
mscanner-pro-portable/x86/languages/DEU.lng
mscanner-pro-portable/x86/languages/ELL.lng
mscanner-pro-portable/x86/languages/ENG.lng
mscanner-pro-portable/x86/languages/ESP.lng
mscanner-pro-portable/x86/languages/FIN.lng
mscanner-pro-portable/x86/languages/FRA.lng
mscanner-pro-portable/x86/languages/HEB.lng
mscanner-pro-portable/x86/languages/HRV.lng
mscanner-pro-portable/x86/languages/HUN.lng
mscanner-pro-portable/x86/languages/ITA.lng
mscanner-pro-portable/x86/languages/JPN.lng
.ps1
mscanner-pro-portable/x86/languages/KOR.lng
mscanner-pro-portable/x86/languages/NLD.lng
mscanner-pro-portable/x86/languages/NOR.lng
mscanner-pro-portable/x86/languages/PLK.lng
mscanner-pro-portable/x86/languages/PTG.lng
mscanner-pro-portable/x86/languages/ROM.lng
mscanner-pro-portable/x86/languages/RUS.lng
.ps1
mscanner-pro-portable/x86/languages/SLV.lng
mscanner-pro-portable/x86/languages/SVE.lng
mscanner-pro-portable/x86/languages/TRK.lng
mscanner-pro-portable/x86/languages/UKR.lng
mscanner-pro-portable/x86/pro.api
mscanner-pro-portable/x86/readme.url
.url
mscanner-pro-setup.exe
.exe windows:4 windows x86 arch:x86

7192d3773f389d45ebac3cc67d054a8a

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:d3:58:f0:5e:31:d8:d4:e3:43:80:28:5c:46:4c:40
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/06/2023, 00:00

Not After

29/06/2025, 23:59

Subject

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
Sleep
GetTickCount
CreateFileW
GetFileSize
MoveFileW
SetFileAttributesW
GetModuleFileNameW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
GetCurrentProcess
CompareFileTime
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
lstrcpyW
MoveFileExW
lstrcatW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetModuleHandleA
ExpandEnvironmentStringsW
GetShortPathNameW
SearchPathW
lstrcmpiW
SetFileTime
CloseHandle
GlobalFree
lstrcmpW
GlobalAlloc
WaitForSingleObject
GetDiskFreeSpaceW
lstrcpynW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
IsWindowEnabled
EnableMenuItem
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
wsprintfW
ScreenToClient
GetWindowRect
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
GetDC
SetWindowTextW
PostQuitMessage
ShowWindow
GetDlgItem
IsWindow
LoadImageW
SetWindowLongW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
SetTimer
FindWindowExW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegDeleteKeyW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

e2ee55bddad4241d619d6a8a38e2d869

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
core.dll
.zip
drivers/win7/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c7bce6d53c2b7a032ae8e88bd6efa8f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\Win7\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoGetLowerDeviceObject
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
RtlCompareUnicodeString
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
ObDereferenceObjectDeferDelete
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/win7/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c50e07f3c00e76404fa0d1348a11541a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\Win7\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winlh/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c7bce6d53c2b7a032ae8e88bd6efa8f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\WinLH\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoGetLowerDeviceObject
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
RtlCompareUnicodeString
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
ObDereferenceObjectDeferDelete
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winlh/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c50e07f3c00e76404fa0d1348a11541a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinLH\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoGetLowerDeviceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
ObDereferenceObjectDeferDelete
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winnet/amd64/MDA_NTDRV.sys
.sys windows:6 windows x64 arch:x64

c6c3757641cc088e31875efbec074068

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:48

Not After

18/05/2017, 09:48

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

18/05/2016, 09:26

Not After

18/05/2017, 09:26

Subject

CN=Bada Technology Co.\,Ltd,O=Bada Technology Co.\,Ltd,L=Panzhihua,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93
Signer

Actual PE Digest

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93

Digest Algorithm

sha256

PE Digest Matches

true

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8
Signer

Actual PE Digest

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\projects\common\bin\WinNET\amd64\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
IoBuildAsynchronousFsdRequest
IofCompleteRequest
KeWaitForSingleObject
IoFreeIrp
IoGetAttachedDeviceReference
MmUnlockPages
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
IofCallDriver
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winnet/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c282198bc24c5a8e2d143c1f82a4470a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinNET\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drivers/winxp/i386/MDA_NTDRV.sys
.sys windows:6 windows x86 arch:x86

c282198bc24c5a8e2d143c1f82a4470a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\projects\common\bin\WinXP\i386\MDA_NTDRV.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
memset
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildAsynchronousFsdRequest
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
IoGetAttachedDeviceReference
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
memcpy
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dm.api
.dll windows:5 windows x64 arch:x64

351b182fefb6c188a88749b83afabad1

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:d3:58:f0:5e:31:d8:d4:e3:43:80:28:5c:46:4c:40
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/06/2023, 00:00

Not After

29/06/2025, 23:59

Subject

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetDateFormatA
FindNextFileW
DeleteFileW
CloseHandle
GetLocalTime
FindClose
GetVersionExW
CopyFileW
GetLocaleInfoW
WideCharToMultiByte
GetUserDefaultLangID
WaitForSingleObject
CreateProcessW
FindFirstFileW
SetThreadExecutionState
CreateFileA
lstrcpyW
lstrlenW
lstrcpynW
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
MultiByteToWideChar
OutputDebugStringW
OutputDebugStringA
FreeLibrary
GetCurrentProcess
GetModuleHandleW
GetCurrentThread
GetSystemDirectoryW
LoadLibraryW
Sleep
ReadFile
GetLastError
GetProcAddress
LoadLibraryA
RemoveDirectoryW
CreatePipe
GetModuleFileNameA
SetFileAttributesW
GlobalMemoryStatusEx
GetSystemInfo
LocalFree
PeekNamedPipe
SetEvent
GetExitCodeProcess
TerminateProcess
CreateEventW
WaitForMultipleObjects
GetTempPathW
CreateDirectoryA
GetSystemWindowsDirectoryW
GetExitCodeThread
CreateThread
GetTempFileNameW
FindVolumeClose
GetDriveTypeW
CreateDirectoryW
FindNextVolumeW
GetModuleFileNameW
GetLongPathNameW
MoveFileW
FindFirstVolumeW
DecodePointer
EncodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
GetStdHandle
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapSize
ExitProcess
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeFormatA

user32

ExitWindowsEx
SetActiveWindow
SetCapture
SetFocus
MessageBoxW
ReleaseCapture
EnableWindow
wsprintfW
GetSystemMetrics

shell32

ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHEmptyRecycleBinW
SHGetMalloc
SHGetFolderLocation

shlwapi

PathRemoveFileSpecW
StrStrIW
PathFileExistsW
SHCreateStreamOnFileEx

ntdll

ZwSetInformationFile
RtlDeleteCriticalSection
ZwDeleteFile
RtlLeaveCriticalSection
ZwDeviceIoControlFile
ZwQueryInformationProcess
ZwLoadKey
ZwOpenFile
ZwQueryInformationToken
ZwAdjustPrivilegesToken
ZwOpenProcessToken
NtSetVolumeInformationFile
ZwSetValueKey
RtlGetVersion
RtlInitAnsiString
RtlInitUnicodeString
ZwReadFile
RtlSystemTimeToLocalTime
RtlQueryEnvironmentVariable_U
ZwQuerySystemTime
ZwFsControlFile
RtlAnsiStringToUnicodeString
RtlEnterCriticalSection
ZwUnloadKey
ZwQueryInformationFile
ZwWriteFile
RtlInitializeCriticalSection
ZwDelayExecution
RtlDosPathNameToNtPathName_U
ZwAllocateVirtualMemory
ZwOpenKey
ZwAllocateUuids
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
RtlFreeUnicodeString
NtQueryVolumeInformationFile
ZwCreateFile
ZwQueryValueKey
ZwQueryDirectoryFile
ZwFreeVirtualMemory
RtlNtStatusToDosError
ZwEnumerateValueKey
ZwClose
ZwFlushKey
RtlTimeToTimeFields
ZwQueryAttributesFile
ZwFlushBuffersFile

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

dbghelp

MiniDumpWriteDump

advapi32

DeleteService
OpenThreadToken
GetUserNameW
GetTokenInformation
EqualSid
LookupPrivilegeValueW
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
RegFlushKey
AdjustTokenPrivileges
RegCloseKey
DeleteAce
GetAclInformation
SetNamedSecurityInfoW
GetAce
ControlService
OpenSCManagerA
StartServiceA
OpenServiceW
OpenProcessToken
CloseServiceHandle
CreateServiceW
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetNamedSecurityInfoW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SafeArrayPutElement
SafeArrayCreateVectorEx
SafeArrayDestroy
SysAllocString

msi

ord66
ord173
ord70
ord41
ord45

Exports

Exports

aboveWin10
addBootEntry
addLogicalDrive
addPve
adjustorBegin
adjustorEnd
alignNtfsClust
alignNtfsClust1
alignPart
alignParts1
allowConv2FAT32
allowConv2Gpt
allowConv2Logical
allowConvDynamic2Basic
allowCpyDisk
allowExtendNtfsVolume
allowMigrateOs
applConf
assignDriveLetter
batchFileBakPath
batchFileExist
batchFilePath
blkChkerLogName
bootPve
breakCommand
changeLogicalDrive
checkUpdate
checkVolSize
checkWinPeType
chkBlk
cleanPves
clearExecutionState
clearLastOpErr
clearPves
cloneDeviceView
closeBatchCmds
closeBlkChker
closeCommand
closeDevice
closeMsgQueue
closeRecyclebinFiles
compFile
cpyDisk
createBatchCmds
createBlkChker
createCommand
createDevice
createDeviceView
createDiskUuidFile
createDummyPves
createMsgQueue
createRecyclebinFiles
createSnapshot
defaultSsPerClust
delAllBootEntries
delBatchFile
delBootEntry
delDir
delGptReservedPart
delPve
dirExists
disablePagingExecutiveValue
dve
dynamic2Basic
emptyRecyclebin
enumDisks
errText
estimateUsedSects
estimateUsedSects4Merge
exec
extendPve
extendSpace
extendedPves
fileDiff
files4Wiper
files4Wiper2
firstNePve
firstNePve2
forceLock
fsRange
getLastOpErr
getProductName
getProductName2
gpt2Mbr
gptPart2MbrLogical
gptPart2MbrPrimary
hasNewVerion
hasOtherOs
initDves
initEmptyPve
integrityCheck
is32ProgramOnWin64Os
is64BitProgram
isAdminAcct
isDbrDisk
isDynamicDisk
isEmptyDisk
isExtPart
isGptDisk
isGptEfiSystemPart
isGptMsrPart
isGptSysPart
isMbrDisk
isMounted
isRecoveryPart
isSectorsCpy
isServer
isSysPart
isVolumeExist
isWinPe
langDefaultId
langOpen
langOpen2
langTxt
langTxtW
lastNePve
lockVolume
logicalDrives
logstr
makePe
manageDriver
maxLabelLen
mbr2Gpt
mergePves
mergeSpace
mergeUs2Pve
migrateOs
moduleDir
movSpace
need2Shutdown
need2UpdateSystem
numOfBlks
numOfDisks
numOfDrives
numOfDves
numOfLangs
numOfLdmDves
numOfMdaDrvCallers
numOfMsgs
numOfNePves
numOfNePves2
numOfOsPves
numOfPves
numOfRecyclebinFiles
osVersionNumbers
partMaximum
partMinSects
partMinimum
partMinimum1
partReserved
partTyp
peekMsg
popMsg
postMsg
psi
pushCmd
pve
pveChanged
queryDve
rangeOfSsPerClust
readActivRec2
readOsVersion
readOsVersion2
readPipe
readVersion
ready2Perform
rebootSystem
rebuildPves
recyclebinFile
refresh
releaseDeviceView
releaseDummyPves
releasePves4Ex
removeLogicalDrive
removeLogicalDrives
runInEFIMode
saveCmds2File
saveGlobalInfo
saveGlobalInfo2
seekNePve
seekNePve2
seekNextNePve
seekPve
sendEmail
setAutoMount
setDisablePagingExecutive
setDiskOffline
setDiskReadonly
setExceptionFilter
setExecutionState
setLastOpErr
setupCore
setupCore2
setupDriverName
shutdownSystem
siOfBootPart
siOfSysPart
siOn1stPaint
size2Str
specialDir
sqliteClose
sqliteCloseDb
sqliteCreate
sqliteExec
sqliteOpenDb
startingSector
sysPve
systemBits
systemInfo2Log
tryLockVolume
uncompressNtfsFile
unmountVolume
updateSystem
validate
visibleSects
visibleSects1
windowsDir
wiperLogName
writeActivRec2
writeBlkChkerLog

Sections

.text
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dll_sha
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dm.st.exe
.exe windows:5 windows x64 arch:x64

1fa08bc506abdedc32ce7588aa02e757

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:d3:58:f0:5e:31:d8:d4:e3:43:80:28:5c:46:4c:40
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/06/2023, 00:00

Not After

29/06/2025, 23:59

Subject

CN=Panzhihua Bada Technology Co.\, Ltd.,O=Panzhihua Bada Technology Co.\, Ltd.,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenuEx
TrackPopupMenu
ToUnicode
ToAsciiEx
TabbedTextOutA
TabbedTextOutW
SystemParametersInfoW
SubtractRect
AnimateWindow
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenuInfo
SetMenuDefaultItem
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadMenuW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsMenu
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetTopWindow
GetTabbedTextExtentA
GetTabbedTextExtentW
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DragDetect
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPointEx
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrcmpW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
SleepEx
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
OutputDebugStringW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetSystemTimes
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep
GetStringTypeW

gdi32

WidenPath
UpdateColors
UnrealizeObject
TextOutA
TextOutW
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextJustification
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RectInRegion
RealizePalette
PtInRegion
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
OffsetWindowOrgEx
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointA
GetTextExtentExPointW
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectW
GetNearestPaletteIndex
GetNearestColor
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBitmapBits
GdiFlush
FrameRgn
FillRgn
FillPath
ExtTextOutA
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExcludeClipRect
EqualRgn
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

gdiplus

GdipDrawCachedBitmap
GdipMeasureDriverString
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipMeasureString
GdipDrawString
GdipComment
GdipEndContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRectI
GdipIsVisibleRect
GdipIsVisiblePointI
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipGetVisibleClipBoundsI
GdipGetVisibleClipBounds
GdipIsClipEmpty
GdipGetClipBoundsI
GdipGetClipBounds
GdipGetClip
GdipTranslateClipI
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipPath
GdipSetClipRectI
GdipSetClipRect
GdipSetClipGraphics
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestRectI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoint
GdipDrawImagePointsRectI
GdipDrawImagePointsRect
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipDrawImagePointRect
GdipDrawImagePointsI
GdipDrawImagePoints
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageI
GdipDrawImage
GdipFillRegion
GdipFillClosedCurve2I
GdipFillClosedCurve2
GdipFillClosedCurveI
GdipFillClosedCurve
GdipFillPath
GdipFillPieI
GdipFillPie
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillPolygon
GdipFillRectanglesI
GdipFillRectangles
GdipFillRectangleI
GdipFillRectangle
GdipGraphicsClear
GdipDrawClosedCurve2I
GdipDrawClosedCurve2
GdipDrawClosedCurveI
GdipDrawClosedCurve
GdipDrawCurve3I
GdipDrawCurve3
GdipDrawCurve2I
GdipDrawCurve2
GdipDrawCurveI
GdipDrawCurve
GdipDrawPath
GdipDrawPolygonI
GdipDrawPolygon
GdipDrawPieI
GdipDrawPie
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectanglesI
GdipDrawRectangles
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawBeziersI
GdipDrawBeziers
GdipDrawBezierI
GdipDrawBezier
GdipDrawArcI
GdipDrawArc
GdipDrawLinesI
GdipDrawLines
GdipDrawLineI
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipSetPageScale
GdipSetPageUnit
GdipGetPageScale
GdipGetPageUnit
GdipGetWorldTransform
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipSetWorldTransform
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextContrast
GdipSetTextContrast
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipGetRenderingOrigin
GdipSetRenderingOrigin
GdipGetCompositingMode
GdipSetCompositingMode
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFromHDC2
GdipCreateFromHDC
GdipFlush
GdipSetPropertyItem
GdipRemovePropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipGetImagePaletteSize
GdipSetImagePalette
GdipGetImagePalette
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdipGetImageDimension
GdipGetImageBounds
GdipGetImageGraphicsContext
GdipSaveAddImage
GdipSaveAdd
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipGetCustomLineCapWidthScale
GdipSetCustomLineCapWidthScale
GdipGetCustomLineCapBaseInset
GdipSetCustomLineCapBaseInset
GdipGetCustomLineCapBaseCap
GdipSetCustomLineCapBaseCap
GdipGetCustomLineCapStrokeJoin
GdipSetCustomLineCapStrokeJoin
GdipGetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeCaps
GdipCloneCustomLineCap
GdipDeleteCustomLineCap
GdipCreateCustomLineCap
GdipGetPenCompoundArray
GdipSetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenDashArray
GdipSetPenDashArray
GdipGetPenDashCount
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipGetPenFillType
GdipGetPenBrushFill
GdipSetPenBrushFill
GdipGetPenColor
GdipSetPenColor
GdipRotatePenTransform
GdipScalePenTransform
GdipTranslatePenTransform
GdipMultiplyPenTransform
GdipResetPenTransform
GdipGetPenTransform
GdipSetPenTransform
GdipGetPenMode
GdipSetPenMode
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipGetPenCustomEndCap
GdipSetPenCustomEndCap
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineCap197819
GdipGetPenWidth
GdipSetPenWidth
GdipDeletePen
GdipClonePen
GdipCreatePen2
GdipCreatePen1
GdipRotateLineTransform
GdipScaleLineTransform
GdipTranslateLineTransform
GdipMultiplyLineTransform
GdipResetLineTransform
GdipSetLineTransform
GdipGetLineTransform
GdipGetLineWrapMode
GdipSetLineWrapMode
GdipSetLineLinearBlend
GdipSetLineSigmaBlend
GdipSetLinePresetBlend
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipSetLineBlend
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineGammaCorrection
GdipSetLineGammaCorrection
GdipGetLineRectI
GdipGetLineRect
GdipGetLineColors
GdipSetLineColors
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRect
GdipCreateLineBrushI
GdipCreateLineBrush
GdipGetSolidFillColor
GdipSetSolidFillColor
GdipCreateSolidFill
GdipGetTextureImage
GdipGetTextureWrapMode
GdipSetTextureWrapMode
GdipRotateTextureTransform
GdipScaleTextureTransform
GdipTranslateTextureTransform
GdipMultiplyTextureTransform
GdipResetTextureTransform
GdipSetTextureTransform
GdipGetTextureTransform
GdipCreateTextureIAI
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTexture2
GdipCreateTexture
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipCreateHatchBrush
GdipGetBrushType
GdipDeleteBrush
GdipCloneBrush
GdipGetRegionScansI
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRectI
GdipIsVisibleRegionRect
GdipIsVisibleRegionPointI
GdipIsVisibleRegionPoint
GdipGetRegionData
GdipGetRegionDataSize
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionBoundsI
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegionI
GdipTranslateRegion
GdipCombineRegionRegion
GdipCombineRegionPath
GdipCombineRegionRectI
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipDeleteRegion
GdipCloneRegion
GdipCreateRegionHrgn
GdipCreateRegionRgnData
GdipCreateRegionPath
GdipCreateRegionRectI
GdipCreateRegionRect
GdipCreateRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipGetMatrixElements
GdipVectorTransformMatrixPointsI
GdipVectorTransformMatrixPoints
GdipTransformMatrixPointsI
GdipTransformMatrixPoints
GdipInvertMatrix
GdipShearMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipMultiplyMatrix
GdipSetMatrixElements
GdipDeleteMatrix
GdipCloneMatrix
GdipCreateMatrix3I
GdipCreateMatrix3
GdipCreateMatrix2
GdipCreateMatrix
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

dm.api

hasNewVerion
readVersion
osVersionNumbers
systemBits
is32ProgramOnWin64Os
isWinPe
is64BitProgram
isServer
readOsVersion
systemInfo2Log
logstr
applConf
shutdownSystem
isAdminAcct
clearExecutionState
setExecutionState
fileDiff
delDir
dirExists
moduleDir
langTxtW
langOpen2
langDefaultId
closeBlkChker
writeBlkChkerLog
blkChkerLogName
chkBlk
numOfBlks
createBlkChker
closeDevice
createDevice
numOfMdaDrvCallers
manageDriver
setupDriverName
writeActivRec2
readActivRec2
adjustorBegin
clearPves
getProductName
psi
pve
dve
numOfDves
refresh
releaseDeviceView
cloneDeviceView
createDeviceView

winmm

timeGetTime
PlaySoundW

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 753KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 496B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
languages/ARJ.lng
languages/BGR.lng
languages/CHS.lng
languages/CHT.lng
languages/CSY.lng
languages/DEU.lng
languages/ELL.lng
languages/ENG.lng
languages/ESP.lng
languages/FIN.lng
languages/FRA.lng
languages/HEB.lng
languages/HRV.lng
languages/HUN.lng
languages/ITA.lng
languages/JPN.lng
.ps1
languages/KOR.lng
languages/NLD.lng
languages/NOR.lng
languages/PLK.lng
languages/PTG.lng
languages/ROM.lng
languages/RUS.lng
.ps1
languages/SLV.lng
languages/SVE.lng
languages/TRK.lng
languages/UKR.lng

Sharing

General

Malware Config

Signatures

Files

c7bce6d53c2b7a032ae8e88bd6efa8f2

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 756B

.data Size: 512B - Virtual size: 392B

.pdata Size: 512B - Virtual size: 300B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 60B

c50e07f3c00e76404fa0d1348a11541a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 352B

.data Size: 512B - Virtual size: 96B

INIT Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 388B

c7bce6d53c2b7a032ae8e88bd6efa8f2

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 756B

.data Size: 512B - Virtual size: 392B

.pdata Size: 512B - Virtual size: 300B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 60B

c50e07f3c00e76404fa0d1348a11541a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 353B

.data Size: 512B - Virtual size: 96B

INIT Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 388B

c6c3757641cc088e31875efbec074068

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3bCertificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52Certificate

Extended Key Usages

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 756B

.data
Size: 512B - Virtual size: 392B

.pdata
Size: 512B - Virtual size: 300B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 60B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 352B

.data
Size: 512B - Virtual size: 96B

INIT
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 388B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 756B

.data
Size: 512B - Virtual size: 392B

.pdata
Size: 512B - Virtual size: 300B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 60B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 353B

.data
Size: 512B - Virtual size: 96B

INIT
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 388B

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:a4:dc:11:45:80:2f:ec:91:84:a6:94:26:47:ba:3b
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

22:1d:12:bf:d7:45:75:71:13:37:96:2b:82:e2:2b:52
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

2c:9f:c3:85:e6:31:b3:80:e2:cd:15:c1:88:d4:fd:19:31:c8:d7:7a:47:cc:92:1e:2b:a2:fb:ca:c8:80:ff:93
Signer

f1:32:8e:f7:f4:68:ae:54:18:37:51:6a:a4:77:11:bb:93:60:7f:e8
Signer

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 720B

.data
Size: 512B - Virtual size: 392B

.pdata
Size: 512B - Virtual size: 288B

INIT
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 60B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 354B

.data
Size: 512B - Virtual size: 96B

INIT
Size: 1024B - Virtual size: 846B

.reloc
Size: 512B - Virtual size: 364B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 384B - Virtual size: 353B

.data
Size: 128B - Virtual size: 96B

INIT
Size: 896B - Virtual size: 846B

.reloc
Size: 384B - Virtual size: 334B

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

6f:d3:58:f0:5e:31:d8:d4:e3:43:80:28:5c:46:4c:40
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate