e:\work\dangerzone\flashdriverwin32\Release\i386\amifldrv32.pdb
Static task
static1
General
Target: Lucidicity Perm Unban.rar
Size: 8.6MB
MD5: cdc0c2f8f87ba7d22d41003c678dab4c
SHA1: cf38077c3b728af905dedcdbbc62f783f6f582f7
SHA256: bed1471cef20e9e5894f91fffc715a4ded6685fdd4bd1e30179c009fea87d518
SHA512: 514cec16cff1e1af81991f00d6ff74425b2f6fa54ad9d9beca5148331995177352204a6884a01ad47a68592405ee27b2a29f247a833de54110decdd700b0e00b
SSDEEP: 196608:u0o6R3d4lWBK9Bnbkv3QlIy161MLlPEcgbRl4mtqaWMunuOxLy:u0B6WI/nE3Nyc/jb6RMi7xG
Malware Config
Signatures
-
Unsigned PE 12 IoCs
Checks for missing Authenticode signature.
resource
unpack001/Lucidicity Perm Unban/Alternate/AFUWIN.EXE
unpack001/Lucidicity Perm Unban/Alternate/AFUWINx64.EXE
unpack001/Lucidicity Perm Unban/Alternate/AMIDEWIN.exe
unpack001/Lucidicity Perm Unban/Alternate/AMIDEWINx64.EXE
unpack001/Lucidicity Perm Unban/Alternate/AMIFLDRV32.SYS
unpack001/Lucidicity Perm Unban/Alternate/Ucoredll.dll
unpack001/Lucidicity Perm Unban/Alternate/wflash2.exe
unpack001/Lucidicity Perm Unban/Alternate/wflash2x64.exe
unpack001/Lucidicity Perm Unban/GRINX64v2/AMIDEWIN.EXE
unpack001/Lucidicity Perm Unban/GRINX64v2/AMIDEWINx64.EXE
unpack001/Lucidicity Perm Unban/GRINX64v2/DMIEDIT.EXE
unpack001/Lucidicity Perm Unban/GRINX64v2/UCOREDLL.DLL
Files
-
Lucidicity Perm Unban.rar.rar
-
Cache Cleaner/Cache Cleaner.bat
-
Instructions.txt
-
Lucidicity Perm Unban/Alternate/AFUWIN.EXE.exe windows:5 windows x86 arch:x86
934f17ab3f92cf88be0e65d7cec254df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
RegisterClassExA
ExitWindowsEx
BlockInput
SystemParametersInfoA
wsprintfA
MessageBoxA
kernel32
SetConsoleCtrlHandler
FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersionExA
DeleteFileA
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateFileA
CreateMutexA
DeviceIoControl
GetWindowsDirectoryA
GetSystemDirectoryA
GetFullPathNameA
CreateThread
LocalFree
CreateNamedPipeA
WriteFile
ReadFile
SetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableA
GetLastError
SetThreadExecutionState
Sleep
SetEndOfFile
GetProcessHeap
ReadConsoleInputA
SetConsoleMode
CloseHandle
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
HeapFree
WideCharToMultiByte
HeapAlloc
RtlUnwind
GetModuleHandleW
ExitProcess
GetCommandLineA
RaiseException
HeapReAlloc
MultiByteToWideChar
GetFileAttributesA
WriteConsoleW
GetFileType
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetFilePointer
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
advapi32
RegSetValueExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegQueryValueExA
shell32
ShellExecuteA
Sections
.text Size: 421KB - Virtual size: 420KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/AFUWINx64.EXE.exe windows:5 windows x64 arch:x64
64ec05f37b9ac515da59abb185da43ba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
RegisterClassExA
ExitWindowsEx
BlockInput
SystemParametersInfoA
wsprintfA
MessageBoxA
kernel32
SetConsoleCtrlHandler
FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersionExA
DeleteFileA
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateFileA
CreateMutexA
DeviceIoControl
GetWindowsDirectoryA
GetSystemDirectoryA
GetFullPathNameA
CreateThread
LocalFree
CreateNamedPipeA
WriteFile
ReadFile
SetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableA
GetLastError
SetThreadExecutionState
Sleep
SetEndOfFile
GetProcessHeap
ReadConsoleInputA
SetConsoleMode
CloseHandle
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
HeapFree
WideCharToMultiByte
HeapAlloc
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
ExitProcess
GetCommandLineA
RaiseException
RtlPcToFileHeader
MultiByteToWideChar
GetFileAttributesA
HeapReAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
SetFilePointer
HeapSetInformation
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
advapi32
RegSetValueExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegQueryValueExA
shell32
ShellExecuteA
Sections
.text Size: 471KB - Virtual size: 471KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/AMIDEWIN.exe.exe windows:6 windows x86 arch:x86
b282bdad58484c02f16aa70f1bef501d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadConsoleInputA
GetVersionExA
GetFullPathNameA
CloseHandle
Sleep
GetCurrentProcess
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetCurrentDirectoryA
DeleteFileA
GetLastError
CreateMutexA
GetModuleFileNameA
SetThreadExecutionState
SetConsoleCtrlHandler
CreateFileA
DeviceIoControl
ReadFile
WriteFile
CreateNamedPipeA
CreateThread
LocalFree
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetCommandLineA
RtlUnwind
HeapAlloc
RaiseException
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
IsProcessorFeaturePresent
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsDebuggerPresent
GetStdHandle
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetFilePointerEx
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GetSystemFirmwareTable
SetConsoleMode
shell32
ShellExecuteA
user32
RegisterClassExA
DefWindowProcA
DispatchMessageA
TranslateMessage
CreateWindowExA
MessageBoxA
BlockInput
SystemParametersInfoA
ExitWindowsEx
wsprintfA
GetMessageA
advapi32
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
CloseServiceHandle
ControlService
CreateServiceA
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
AdjustTokenPrivileges
Sections
.text Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/AMIDEWINx64.EXE.exe windows:6 windows x64 arch:x64
a411d6c4955ed012fe763a4108288ce7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ReadConsoleInputA
GetVersionExA
GetFullPathNameA
CloseHandle
Sleep
GetCurrentProcess
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentDirectoryA
DeleteFileA
GetLastError
CreateMutexA
GetModuleFileNameA
GetModuleHandleA
SetThreadExecutionState
SetConsoleCtrlHandler
CreateFileA
DeviceIoControl
ReadFile
WriteFile
CreateNamedPipeA
CreateThread
LocalFree
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
RtlPcToFileHeader
RaiseException
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetFileType
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetFilePointerEx
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GetSystemFirmwareTable
SetConsoleMode
shell32
ShellExecuteA
user32
RegisterClassExA
DefWindowProcA
DispatchMessageA
TranslateMessage
CreateWindowExA
MessageBoxA
BlockInput
SystemParametersInfoA
ExitWindowsEx
wsprintfA
GetMessageA
advapi32
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
CloseServiceHandle
ControlService
CreateServiceA
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
AdjustTokenPrivileges
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 110KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 78KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/AMIFLDRV32.SYS.sys windows:6 windows x86 arch:x86
50f0715b008e893d7f4c99e7145a6ebf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
ZwOpenSection
RtlInitUnicodeString
ZwUnmapViewOfSection
MmFreeContiguousMemory
IoFreeMdl
MmMapLockedPagesSpecifyCache
PsGetVersion
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmGetPhysicalAddress
ZwMapViewOfSection
MmUnmapLockedPages
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
memmove
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
memset
KeTickCount
ZwClose
WRITE_REGISTER_ULONG
WRITE_REGISTER_USHORT
WRITE_REGISTER_UCHAR
READ_REGISTER_ULONG
READ_REGISTER_USHORT
READ_REGISTER_UCHAR
MmUnmapIoSpace
MmAllocateContiguousMemory
MmMapIoSpace
hal
KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalTranslateBusAddress
KfRaiseIrql
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 458B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/AMIFLDRV64.SYS.sys windows:6 windows x64 arch:x64
b05ee5c816a30bc52378c759486af0b9
Code Sign
61:20:4d:b4:00:00:00:00:00:27
Certificate
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15-04-2011 19:45
Not After: 15-04-2021 19:55
Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:55:cd:b4:e7:e8:ee:b9:dd:5d:89:fc:1d:75:88:ca
Certificate
Issuer: CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 30-08-2017 00:00
Not After: 24-09-2020 12:00
Subject: SERIALNUMBER=J912954,CN=American Megatrends\, Inc.,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130747656f72676961,1.3.6.1.4.1.311.60.2.1.3=#13025553
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate
Issuer: CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 22-10-2014 00:00
Not After: 22-10-2024 00:00
Subject: CN=DigiCert Timestamp Responder,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 18-04-2012 12:00
Not After: 18-04-2027 12:00
Subject: CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 10-11-2006 00:00
Not After: 10-11-2021 00:00
Subject: CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:85:7f:83:dc:2a:6c:a9:79:b8:00:00:00:00:00:85
Certificate
Issuer: CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05-06-2019 18:06
Not After: 03-06-2020 18:06
Subject: CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0b:aa:c1:00:00:00:00:00:09
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 18-04-2012 23:48
Not After: 18-04-2027 23:58
Subject: CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d0:52:29:92:52:f0:f0:bd:70:b5:e7:c4:6b:9c:a7:1a:99:a0:52:b4:7f:69:35:82:be:cb:6f:0d:56:7e:82:45
Signer
Actual PE Digest: d0:52:29:92:52:f0:f0:bd:70:b5:e7:c4:6b:9c:a7:1a:99:a0:52:b4:7f:69:35:82:be:cb:6f:0d:56:7e:82:45
Digest Algorithm: sha256
PE Digest Matches: true
44:4c:e1:60:87:68:88:4d:1e:97:42:f8:0c:cf:4f:53:e0:aa:70:9d
Signer
Actual PE Digest: 44:4c:e1:60:87:68:88:4d:1e:97:42:f8:0c:cf:4f:53:e0:aa:70:9d
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
e:\work\dangerzone\flashdriverwin64\Release\amd64\amifldrv64.pdb
Imports
ntoskrnl.exe
ZwMapViewOfSection
RtlInitUnicodeString
ZwUnmapViewOfSection
ZwClose
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
MmGetPhysicalAddress
MmMapIoSpace
PsGetVersion
IoAllocateMdl
MmAllocateContiguousMemory
DbgPrint
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx
MmMapLockedPagesSpecifyCache
MmUnmapIoSpace
hal
HalTranslateBusAddress
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 620B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 394B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Lucidicity Perm Unban/Alternate/Flash.cmd
-
Lucidicity Perm Unban/Alternate/Flash64.cmd
-
Lucidicity Perm Unban/Alternate/Flashx64.cmd
-
Lucidicity Perm Unban/Alternate/IMAGEO2V.rom
-
Lucidicity Perm Unban/Alternate/LeCrud.sys.sys windows:6 windows x86 arch:x86
5e86a8bfdb59df4f1abb84e801cafc85
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21-12-2012 00:00
Not After: 30-12-2020 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18-10-2012 00:00
Not After: 29-12-2020 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 08-11-2006 00:00
Not After: 07-11-2021 23:59
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1b
Certificate
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 23-05-2006 17:01
Not After: 23-05-2016 17:11
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
51:b8:04:3b:2d:ed:31:42:a7:c3:8f:95:bc:d7:65:f0
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Not Before: 03-03-2014 00:00
Not After: 02-03-2017 23:59
Subject: CN=LENOVO,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LENOVO,L=Morrisville,ST=North Carolina,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 08-02-2010 00:00
Not After: 07-02-2020 23:59
Subject: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
6d:5e:60:59:be:aa:82:f9:d1:ee:78:99:34:2a:cc:f2:69:2d:84:af
Signer
Actual PE Digest: 6d:5e:60:59:be:aa:82:f9:d1:ee:78:99:34:2a:cc:f2:69:2d:84:af
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\VC\LeCrud\bin\i386\LeCrud.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
MmUnmapIoSpace
MmMapIoSpace
memcpy
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
ExAllocatePoolWithTag
MmFreeContiguousMemory
MmProbeAndLockPages
IoDeleteSymbolicLink
IoAllocateMdl
MmGetPhysicalAddress
MmAllocateContiguousMemory
strncmp
memset
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
MmBuildMdlForNonPagedPool
IoDeleteDevice
RtlUnwind
hal
KeGetCurrentIrql
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 332B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/LeCrud64.sys.sys windows:6 windows x64 arch:x64
db4408247c447c666c12863d8fa61ff5
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21-12-2012 00:00
Not After: 30-12-2020 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18-10-2012 00:00
Not After: 29-12-2020 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 08-11-2006 00:00
Not After: 07-11-2021 23:59
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1b
Certificate
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 23-05-2006 17:01
Not After: 23-05-2016 17:11
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
51:b8:04:3b:2d:ed:31:42:a7:c3:8f:95:bc:d7:65:f0
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Not Before: 03-03-2014 00:00
Not After: 02-03-2017 23:59
Subject: CN=LENOVO,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LENOVO,L=Morrisville,ST=North Carolina,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 08-02-2010 00:00
Not After: 07-02-2020 23:59
Subject: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2a:ea:0b:de:86:41:99:92:f0:18:6f:81:e2:bb:3c:94:4a:d0:63:43
Signer
Actual PE Digest: 2a:ea:0b:de:86:41:99:92:f0:18:6f:81:e2:bb:3c:94:4a:d0:63:43
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\VC\LeCrud\bin\amd64\LeCrud.pdb
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
IoDeleteSymbolicLink
ExFreePoolWithTag
strncmp
RtlInitUnicodeString
IoDeleteDevice
MmFreeContiguousMemory
MmUnmapIoSpace
MmBuildMdlForNonPagedPool
IoFreeMdl
MmGetPhysicalAddress
MmMapIoSpace
IofCompleteRequest
MmProbeAndLockPages
MmUnlockPages
IoCreateSymbolicLink
IoCreateDevice
IoAllocateMdl
MmAllocateContiguousMemory
KeBugCheckEx
__C_specific_handler
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 548B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/Lic_CS.txt
-
Lucidicity Perm Unban/Alternate/Lic_US.txt
-
Lucidicity Perm Unban/Alternate/Ucoredll.dll.dll windows:4 windows x86 arch:x86
37ae7efc843fbf181678fe2949903556
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentDirectoryA
Sleep
DeviceIoControl
GetVersionExA
GetCurrentProcess
SetProcessAffinityMask
GetLastError
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetFileSize
CloseHandle
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableA
advapi32
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
OpenSCManagerA
CloseServiceHandle
ControlService
Exports
fnUCAPI_Compress
fnUCAPI_Decompress
fnUCAPI_DeleteModuleByID
fnUCAPI_DeleteModuleByIndex
fnUCAPI_DeleteNCB
fnUCAPI_DeleteROMHole
fnUCAPI_FreeDRVBy16Bit
fnUCAPI_GETDMIDATA
fnUCAPI_GetBiosCoreVersion
fnUCAPI_GetBiosGroupInfo
fnUCAPI_GetDRVVersion
fnUCAPI_GetDllVersion
fnUCAPI_GetInitGroupInfo
fnUCAPI_GetModuleInfoByID
fnUCAPI_GetModuleInfoByIndex
fnUCAPI_GetNCBInfo
fnUCAPI_GetNumberOfModules
fnUCAPI_GetNumberOfNCBs
fnUCAPI_GetNumberOfROMHoles
fnUCAPI_GetROMHoleInfo
fnUCAPI_GetRomImageGroupInfo
fnUCAPI_InsertModule
fnUCAPI_InsertNCB
fnUCAPI_InsertROMHole
fnUCAPI_LoadDRVBy16Bit
fnUCAPI_LoadROMFile
fnUCAPI_LoadSYSDriver
fnUCAPI_LoadVxDDriver
fnUCAPI_RebuildROM
fnUCAPI_RegisterBiosGroup
fnUCAPI_RegisterInitGroup
fnUCAPI_RegisterRomImageGroup
fnUCAPI_ReplaceModule
fnUCAPI_ReplaceNCB
fnUCAPI_ReplaceROMHole
fnUCAPI_SETDMIDATA
fnUCAPI_SetCallGate32
fnUCAPI_SetSelector32
fnUCAPI_SetSelectorPhy32
fnUCAPI_UnloadROMFile
fnUCAPI_UnloadSYSDriver
fnUCAPI_UnloadVxDDriver
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 223KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/Ucoresys.sys.sys windows:4 windows x86 arch:x86
072f277c4d89044b84c482307008a355
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1b
Certificate
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 23-05-2006 17:01
Not After: 23-05-2016 17:11
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 30-09-2006 00:00
Not After: 16-11-2009 23:59
Subject: CN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:da
Signer
Actual PE Digest: 58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:da
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmMapIoSpace
MmUnmapIoSpace
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
ZwUnmapViewOfSection
IoDeleteDevice
IoDeleteSymbolicLink
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
IoGetCurrentProcess
memmove
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
MmAllocateContiguousMemory
MmIsAddressValid
MmGetPhysicalAddress
IoAllocateMdl
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
MmMapLockedPages
RtlInitUnicodeString
IoFreeMdl
hal
KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalTranslateBusAddress
KfRaiseIrql
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 378B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/Ucorew64.sys.sys windows:4 windows x64 arch:x64
0dcd262801389f839ce909cb173448e2
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1b
Certificate
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 23-05-2006 17:01
Not After: 23-05-2016 17:11
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 30-09-2006 00:00
Not After: 16-11-2009 23:59
Subject: CN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
c5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:da
Signer
Actual PE Digest: c5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:da
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmGetPhysicalAddress
MmIsAddressValid
MmAllocateContiguousMemory
DbgPrint
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoFreeMdl
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
RtlInitUnicodeString
ZwUnmapViewOfSection
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
ZwClose
MmFreeContiguousMemory
hal
HalTranslateBusAddress
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 160B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 800B - Virtual size: 794B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Lucidicity Perm Unban/Alternate/changes.txt
-
Lucidicity Perm Unban/Alternate/package.iss
-
Lucidicity Perm Unban/Alternate/readme.txt
-
Lucidicity Perm Unban/Alternate/wflash2.exe.exe windows:1 windows x86 arch:x86
3d31c9d1576f28b8fd664eebb643023d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CharUpperA
ExitWindowsEx
MessageBoxA
advapi32
AdjustTokenPrivileges
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
StartServiceA
kernel32
CloseHandle
CreateEventA
CreateFileA
CreateProcessA
DeviceIoControl
ExitProcess
FindClose
FindFirstFileA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStringsA
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFilePointer
SetStdHandle
SetUnhandledExceptionFilter
Sleep
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile
Sections
AUTO Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DGROUP Size: 10KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size:
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Alternate/wflash2x64.exe.exe windows:5 windows x64 arch:x64
6ad3c473b23c3c19ad9a162b9fd94c99
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetEndOfFile
SetEnvironmentVariableA
DeviceIoControl
Sleep
GetCurrentDirectoryA
CloseHandle
CreateFileA
GetNativeSystemInfo
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetLastError
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
GetModuleFileNameW
GetModuleHandleW
ExitProcess
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapReAlloc
GetCommandLineA
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
WideCharToMultiByte
GetConsoleCP
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStartupInfoA
HeapSetInformation
HeapCreate
MultiByteToWideChar
ReadFile
GetModuleFileNameA
SetFilePointer
GetFileAttributesA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
LoadLibraryW
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CompareStringA
CompareStringW
GetProcessHeap
user32
ExitWindowsEx
MessageBoxA
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 962B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/GRINX64v2/AMIDEWIN.EXE.exe windows:4 windows x86 arch:x86
e4bef79f59242df9daf28c2c8193c40e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentDirectoryA
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
CopyFileA
GetCurrentProcess
GetTimeZoneInformation
CreateProcessA
WaitForSingleObject
Sleep
GetVersionExA
DeviceIoControl
GetLastError
SetFilePointer
WriteFile
ReadFile
CreateFileA
SetProcessAffinityMask
CloseHandle
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
DeleteFileA
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetProcAddress
GetFullPathNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetStdHandle
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
user32
wsprintfA
advapi32
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
OpenSCManagerA
CloseServiceHandle
ControlService
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Lucidicity Perm Unban/GRINX64v2/AMIDEWINx64.EXE.exe windows:6 windows x64 arch:x64
ed928bd060b03bab412d37a11b9d26a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameA
CloseHandle
Sleep
GetCurrentProcess
GetSystemDirectoryA
GetWindowsDirectoryA
CreateFileA
DeviceIoControl
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
DeleteFileA
GetLastError
CreateMutexA
SetThreadExecutionState
SetConsoleCtrlHandler
ReadFile
WriteFile
CreateNamedPipeA
CreateThread
LocalFree
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
RtlPcToFileHeader
RaiseException
GetEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetFileType
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcessHeap
ReadConsoleW
SetFilePointerEx
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GetVersionExA
LoadLibraryA
GetProcAddress
HeapSize
FreeLibrary
FreeEnvironmentStringsW
shell32
ShellExecuteA
user32
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassExA
MessageBoxA
BlockInput
SystemParametersInfoA
ExitWindowsEx
CreateWindowExA
wsprintfA
advapi32
ControlService
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA
Sections
.text Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 78KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/GRINX64v2/DMI16.EXE
-
Lucidicity Perm Unban/GRINX64v2/DMIEDIT.EXE.exe windows:6 windows x64 arch:x64
9bbd972bee7030506f62236dff565e85
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
LoadCursorW
LoadCursorA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SetWindowTextA
CheckDlgButton
SetDlgItemTextA
MoveWindow
GetMonitorInfoA
MonitorFromWindow
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
UnhookWindowsHookEx
DestroyCursor
EndDialog
CreateDialogIndirectParamA
DestroyWindow
CallNextHookEx
SetWindowsHookExA
ValidateRect
DispatchMessageA
TranslateMessage
GetMessageA
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
ReuseDDElParam
UnpackDDElParam
WinHelpA
LoadImageA
LoadIconW
GetWindow
IntersectRect
SetRectEmpty
SetActiveWindow
InsertMenuItemA
DestroyMenu
SetMenu
GetMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
GetCapture
GetActiveWindow
SetFocus
GetDlgCtrlID
LockWindowUpdate
IsIconic
IsWindowVisible
GetNextDlgGroupItem
DrawFocusRect
GetIconInfo
ShowWindow
GetClassInfoA
EnableWindow
UpdateWindow
ReleaseCapture
IsWindow
GetSysColor
SetCursorPos
SetTimer
KillTimer
DrawIcon
SetWindowRgn
IsRectEmpty
GetSystemMenu
SetParent
IsZoomed
RealChildWindowFromPoint
LoadAcceleratorsW
GetDCEx
LoadMenuW
CopyImage
SendDlgItemMessageA
ShowOwnedPopups
WindowFromPoint
ScreenToClient
GetCursorPos
SetWindowPos
SetMenuItemInfoA
UnionRect
GetTabbedTextExtentW
PostThreadMessageA
CopyAcceleratorTableA
GetNextDlgTabItem
RedrawWindow
ReleaseDC
PeekMessageA
InvalidateRect
SetWindowLongA
InflateRect
GetDC
PtInRect
SendMessageA
GetClientRect
MessageBeep
GetParent
SetCapture
PostQuitMessage
GetWindowRect
SetCursor
IsMenu
CopyRect
ModifyMenuA
DestroyIcon
InsertMenuA
UnregisterClassA
GetSystemMetrics
SystemParametersInfoA
RemoveMenu
GetMenuItemCount
AppendMenuA
LoadBitmapW
GetSysColorBrush
CreatePopupMenu
GetMenuItemInfoA
GetDesktopWindow
TabbedTextOutA
GetMenuState
SetRect
DrawTextExA
DrawEdge
GrayStringA
CreateMenu
DeleteMenu
DrawIconEx
GetSubMenu
DrawTextA
GetMenuItemID
FillRect
GetWindowLongA
OffsetRect
CharUpperA
GetFocus
GetKeyState
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EqualRect
GetDlgItem
GetClassNameA
OpenClipboard
PostMessageA
CloseClipboard
IsWindowEnabled
MessageBoxA
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringA
wsprintfA
RegisterClassExA
BlockInput
ExitWindowsEx
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetAsyncKeyState
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
WaitMessage
IsClipboardFormatAvailable
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClipboardData
EmptyClipboard
DrawStateA
LoadImageW
DrawFrameControl
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
RegisterClipboardFormatA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetClassLongPtrA
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
GetUpdateRect
SubtractRect
MapDialogRect
GetWindowRgn
BringWindowToTop
kernel32
SetThreadExecutionState
SetConsoleCtrlHandler
DeviceIoControl
CreateNamedPipeA
CreateThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
AreFileApisANSI
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
GetSystemInfo
VirtualAlloc
VirtualQuery
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
SetStdHandle
GetFileType
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetStdHandle
GetSystemDirectoryA
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetConsoleMode
SetFilePointerEx
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
ReadConsoleW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
ReadConsoleInputA
GetStartupInfoW
FindResourceExW
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
GetModuleHandleA
DeleteCriticalSection
lstrlenA
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
lstrcatA
LockResource
CreateMutexA
WinExec
lstrcpyA
WaitForSingleObject
CloseHandle
GetCurrentDirectoryA
FindResourceA
GetCPInfo
MultiByteToWideChar
lstrcmpiA
GetVersion
FreeResource
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetModuleFileNameA
SetLastError
GlobalAlloc
GlobalSize
GlobalFree
LocalFree
MulDiv
FormatMessageA
CopyFileA
GetCurrentThread
GetCurrentThreadId
LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
CompareStringA
GetModuleHandleW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GlobalAddAtomA
GlobalGetAtomNameA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
lstrcmpW
GlobalFindAtomA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileTime
GetFullPathNameA
SetFileTime
GetTempFileNameA
ReplaceFileA
SystemTimeToFileTime
GetUserDefaultLCID
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
FlushFileBuffers
GetFileSize
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
GetShortPathNameA
MoveFileA
GetVolumeInformationA
GetThreadLocale
GetStringTypeExA
SetErrorMode
FileTimeToSystemTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetACP
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
LocalFileTimeToFileTime
GetWindowsDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetTickCount
GetProfileIntA
GetTempPathA
Sleep
SearchPathA
VirtualProtect
advapi32
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegQueryValueExA
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
SetFileSecurityA
GetFileSecurityA
RegOpenKeyExW
RegEnumValueA
RegEnumKeyExA
gdi32
CreatePen
Escape
PtVisible
Ellipse
Rectangle
CreateCompatibleBitmap
GetPixel
SelectObject
DeleteObject
SetPixel
GetDeviceCaps
CreateDIBSection
DeleteDC
GetBkMode
CreateHatchBrush
PatBlt
GetTextExtentPoint32W
BitBlt
GetCurrentObject
CopyMetaFileA
CreateDCA
CreateBitmap
CreatePatternBrush
CreateRectRgn
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtTextOutA
CreateSolidBrush
TextOutA
GetTextExtentPoint32A
CreateFontA
CreateFontIndirectA
GetObjectA
GetStockObject
CreateCompatibleDC
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
CreateRoundRectRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesExA
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
StretchBlt
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetTextFaceA
GetWindowOrgEx
GetTextExtentPointA
GetTextColor
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetROP2
GetBkColor
SetRectRgn
CombineRgn
StretchDIBits
GetCharWidthA
GetTextMetricsA
LPtoDP
CreateEllipticRgn
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DPtoLP
GetViewportOrgEx
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
StartDocA
SetTextAlign
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
RectVisible
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetSaveFileNameA
winspool.drv
OpenPrinterA
GetJobA
ClosePrinter
DocumentPropertiesA
shell32
SHAppBarMessage
DragQueryFileA
DragFinish
SHGetFileInfoA
ExtractIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA
comctl32
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
shlwapi
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
StrFormatKBSizeA
PathFindFileNameA
PathFindExtensionA
uxtheme
GetThemeColor
GetWindowTheme
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
GetThemeSysColor
GetCurrentThemeName
ole32
OleGetClipboard
CoLockObjectExternal
OleLockRunning
CreateStreamOnHGlobal
CoInitializeEx
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
DoDragDrop
RegisterDragDrop
RevokeDragDrop
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysFreeString
VariantCopy
VarBstrFromDate
LoadTypeLi
SysAllocString
SysAllocStringLen
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 775KB - Virtual size: 774KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/GRINX64v2/UCOREDLL.DLL.dll windows:4 windows x86 arch:x86
6b893ca0388ae7a60f134fafc899b16d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentDirectoryA
Sleep
DeviceIoControl
GetVersionExA
GetCurrentProcess
SetProcessAffinityMask
GetLastError
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetFileSize
CloseHandle
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
advapi32
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
OpenSCManagerA
CloseServiceHandle
ControlService
Exports
fnUCAPI_Compress
fnUCAPI_Decompress
fnUCAPI_DeleteModuleByID
fnUCAPI_DeleteModuleByIndex
fnUCAPI_DeleteNCB
fnUCAPI_DeleteROMHole
fnUCAPI_FreeDRVBy16Bit
fnUCAPI_GETDMIDATA
fnUCAPI_GetBiosCoreVersion
fnUCAPI_GetBiosGroupInfo
fnUCAPI_GetDRVVersion
fnUCAPI_GetDllVersion
fnUCAPI_GetInitGroupInfo
fnUCAPI_GetModuleInfoByID
fnUCAPI_GetModuleInfoByIndex
fnUCAPI_GetNCBInfo
fnUCAPI_GetNumberOfModules
fnUCAPI_GetNumberOfNCBs
fnUCAPI_GetNumberOfROMHoles
fnUCAPI_GetROMHoleInfo
fnUCAPI_GetRomImageGroupInfo
fnUCAPI_InsertModule
fnUCAPI_InsertNCB
fnUCAPI_InsertROMHole
fnUCAPI_LoadDRVBy16Bit
fnUCAPI_LoadROMFile
fnUCAPI_LoadSYSDriver
fnUCAPI_LoadVxDDriver
fnUCAPI_RebuildROM
fnUCAPI_RegisterBiosGroup
fnUCAPI_RegisterInitGroup
fnUCAPI_RegisterRomImageGroup
fnUCAPI_ReplaceModule
fnUCAPI_ReplaceNCB
fnUCAPI_ReplaceROMHole
fnUCAPI_SETDMIDATA
fnUCAPI_SetCallGate32
fnUCAPI_SetSelector32
fnUCAPI_SetSelectorPhy32
fnUCAPI_UnloadROMFile
fnUCAPI_UnloadSYSDriver
fnUCAPI_UnloadVxDDriver
Sections
.text Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/GRINX64v2/UCORESYS.SYS.sys windows:4 windows x86 arch:x86
072f277c4d89044b84c482307008a355
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1b
Certificate
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 23-05-2006 17:01
Not After: 23-05-2016 17:11
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 30-09-2006 00:00
Not After: 16-11-2009 23:59
Subject: CN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:da
Signer
Actual PE Digest: 58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:da
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmMapIoSpace
MmUnmapIoSpace
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
ZwUnmapViewOfSection
IoDeleteDevice
IoDeleteSymbolicLink
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
IoGetCurrentProcess
memmove
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
MmAllocateContiguousMemory
MmIsAddressValid
MmGetPhysicalAddress
IoAllocateMdl
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
MmMapLockedPages
RtlInitUnicodeString
IoFreeMdl
hal
KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalTranslateBusAddress
KfRaiseIrql
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 378B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/GRINX64v2/UCOREVXD.VXD
-
Lucidicity Perm Unban/GRINX64v2/UCOREW64.SYS.sys windows:4 windows x64 arch:x64
0dcd262801389f839ce909cb173448e2
Code Sign
Certificate: 38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate: 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 61:0c:12:06:00:00:00:00:00:1b
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 23-05-2006 17:01
Not After: 23-05-2016 17:11
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 30-09-2006 00:00
Not After: 16-11-2009 23:59
Subject: CN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer: c5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:da
Actual PE Digest: c5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:da
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmGetPhysicalAddress
MmIsAddressValid
MmAllocateContiguousMemory
DbgPrint
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoFreeMdl
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
RtlInitUnicodeString
ZwUnmapViewOfSection
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
ZwClose
MmFreeContiguousMemory
hal
HalTranslateBusAddress
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 160B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 800B - Virtual size: 794B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Lucidicity Perm Unban/GRINX64v2/amifldrv64.sys.sys windows:6 windows x64 arch:x64
363922cc73591e60f2af113182414230
Code Sign
Certificate: 61:20:4d:b4:00:00:00:00:00:27
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15-04-2011 19:45
Not After: 15-04-2021 19:55
Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 09:f4:3c:81:c1:eb:27:87:6e:e1:ae:fe:aa:5a:0f:5d
Issuer: CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 24-06-2014 00:00
Not After: 30-08-2017 12:00
Subject: SERIALNUMBER=780491,CN=American Megatrends\, Inc.,O=American Megatrends\, Inc.,POSTALCODE=30093,STREET=5555 Oakbrook Parkway Suite 200,L=Norcross,ST=Georgia,C=US,1.3.6.1.4.1.311.60.2.1.2=#130747656f72676961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate: 03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Issuer: CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 22-10-2014 00:00
Not After: 22-10-2024 00:00
Subject: CN=DigiCert Timestamp Responder,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate: 03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 18-04-2012 12:00
Not After: 18-04-2027 12:00
Subject: CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 10-11-2006 00:00
Not After: 10-11-2021 00:00
Subject: CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 6a:eb:58:7e:dc:d0:12:89:ab:c8:43:16:ae:88:95:9c:23:56:63:fe
Actual PE Digest: 6a:eb:58:7e:dc:d0:12:89:ab:c8:43:16:ae:88:95:9c:23:56:63:fe
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\amibios\utility\amiflashdriver\flashdriverwin64\Release\amd64\amifldrv64.pdb
Imports
ntoskrnl.exe
ZwMapViewOfSection
RtlInitUnicodeString
ZwUnmapViewOfSection
ZwClose
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
MmMapLockedPages
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
MmGetPhysicalAddress
MmMapIoSpace
PsGetVersion
MmIsAddressValid
IoAllocateMdl
MmAllocateContiguousMemory
DbgPrint
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx
MmMapLockedPagesSpecifyCache
MmUnmapIoSpace
hal
HalTranslateBusAddress
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 572B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 1010B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Lucidicity Perm Unban/Serials.bat
-
Lucidicity Perm Unban/Volumeid/Volumeid.exe.exe windows:5 windows x86 arch:x86
196b8047c609ccadce7fd294c9a3e6a2
Code Sign
Certificate: 33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 30-03-2016 19:21
Not After: 30-06-2017 19:21
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Certificate: 33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04-06-2015 17:42
Not After: 04-09-2016 17:42
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:33:26:1a:00:00:00:00:00:31
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31-08-2010 22:19
Not After: 31-08-2020 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03-04-2007 12:53
Not After: 03-04-2021 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Issuer: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 28-10-2015 20:31
Not After: 28-01-2017 20:31
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:0e:90:d2:00:00:00:00:00:03
Issuer: CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08-07-2011 20:59
Not After: 08-07-2026 21:09
Subject: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 31:e8:46:24:b9:5c:81:15:5d:a7:f1:1a:ab:8f:86:bc:b4:c8:0e:61:43:9d:61:34:48:d8:23:fc:f3:c1:26:44
Actual PE Digest: 31:e8:46:24:b9:5c:81:15:5d:a7:f1:1a:ab:8f:86:bc:b4:c8:0e:61:43:9d:61:34:48:d8:23:fc:f3:c1:26:44
Digest Algorithm: sha256
PE Digest Matches: true
Signer: 0b:59:24:99:54:12:f4:c9:d5:03:9a:1b:01:0c:88:29:cd:1c:f0:10
Actual PE Digest: 0b:59:24:99:54:12:f4:c9:d5:03:9a:1b:01:0c:88:29:cd:1c:f0:10
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Builds\13810\Tools\Volumeid_master\bin\Win32\Release\volumeid.pdb
Imports
kernel32
FormatMessageA
GetDriveTypeA
CreateFileA
GetVolumeInformationA
GetVersionExA
LCMapStringW
CloseHandle
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
OutputDebugStringW
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
GetLastError
GetCommandLineW
GetVersion
LoadLibraryA
GetModuleHandleA
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
CompareStringW
GetFileType
ReadConsoleW
RtlUnwind
WriteConsoleW
SetFilePointerEx
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
DeleteCriticalSection
FatalAppExitA
FlushFileBuffers
GetConsoleCP
IsDebuggerPresent
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
CreateFileW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
user32
SendMessageA
DialogBoxIndirectParamA
EndDialog
GetDlgItem
SetWindowTextA
SetCursor
LoadCursorA
InflateRect
GetSysColorBrush
gdi32
StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgA
advapi32
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA
version
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
Sections
.text Size: 147KB - Virtual size: 146KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Lucidicity Perm Unban/Volumeid/Volumeid64.exe.exe windows:5 windows x64 arch:x64
735aed1002ee8ff1be0e1dee668e8b0d
Code Sign
Certificate: 33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9b
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 30-03-2016 19:21
Not After: 30-06-2017 19:21
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Certificate: 33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04-06-2015 17:42
Not After: 04-09-2016 17:42
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:33:26:1a:00:00:00:00:00:31
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31-08-2010 22:19
Not After: 31-08-2020 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03-04-2007 12:53
Not After: 03-04-2021 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Issuer: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 28-10-2015 20:31
Not After: 28-01-2017 20:31
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:0e:90:d2:00:00:00:00:00:03
Issuer: CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08-07-2011 20:59
Not After: 08-07-2026 21:09
Subject: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 65:97:9c:4b:c0:56:29:3c:65:68:1d:c8:51:cc:90:6a:97:43:fe:d9:91:a6:db:5c:b9:5c:47:8e:bf:73:7b:f7
Actual PE Digest: 65:97:9c:4b:c0:56:29:3c:65:68:1d:c8:51:cc:90:6a:97:43:fe:d9:91:a6:db:5c:b9:5c:47:8e:bf:73:7b:f7
Digest Algorithm: sha256
PE Digest Matches: true
Signer: 25:f3:81:49:d7:50:ad:69:9f:da:99:18:45:e2:bd:84:7c:66:4c:a4
Actual PE Digest: 25:f3:81:49:d7:50:ad:69:9f:da:99:18:45:e2:bd:84:7c:66:4c:a4
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FormatMessageA
GetDriveTypeA
CreateFileA
GetVolumeInformationA
GetVersionExA
LCMapStringW
CloseHandle
GetStringTypeW
OutputDebugStringW
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
GetLastError
GetCommandLineW
GetVersion
LoadLibraryA
GetModuleHandleA
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetFileType
ReadConsoleW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
LoadLibraryExW
CreateFileW
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
user32
SendMessageA
DialogBoxIndirectParamA
EndDialog
GetDlgItem
SetWindowTextA
SetCursor
LoadCursorA
InflateRect
GetSysColorBrush
gdi32
StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgA
advapi32
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA
version
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ