0d45fd4ca2861fc72a0bffccfb6f22c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d45fd4ca2861fc72a0bffccfb6f22c7_JaffaCakes118
Size

1.6MB
MD5

0d45fd4ca2861fc72a0bffccfb6f22c7
SHA1

020240afd1056a0bf663e6f7a78d100915083783
SHA256

7b60163b7337b225feec65d7196383f340e7b94b829edc7e3a0818b5d3fab2a2
SHA512

2c984be5a0efe0e3b7e12aa6da8e251323bf7d0cbfdf42b2c24c67ccfe99218ff32e2f63b07bc8ab91834de732744ac2361d43ff6b8e8387a5336d1a5a520121
SSDEEP

49152:UzW+3XBMYgq0Lz1xhSo2u2bSqYwjIWFStEBPjDS2ZbI:CXrgq0Nmor8OtEBPj7bI

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/keygen.exe	aspack_v212_v242

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/LangDLL.dll
unpack003/$PLUGINSDIR/System.dll
unpack001/Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/keygen.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/SandboxieInstall32-345-20.exe	nsis_installer_1
static1/unpack001/Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/SandboxieInstall32-345-20.exe	nsis_installer_2
static1/unpack001/Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/SandboxieInstall64-345-20.exe	nsis_installer_1
static1/unpack001/Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/SandboxieInstall64-345-20.exe	nsis_installer_2

Files

0d45fd4ca2861fc72a0bffccfb6f22c7_JaffaCakes118
.rar
Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/SandboxieInstall32-345-20.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:80:bc:2d:98:2d:84:50:91:dd:6c:0f:33:dd:66:14:e2:30:aa:8f
Signer

Actual PE Digest

8b:80:bc:2d:98:2d:84:50:91:dd:6c:0f:33:dd:66:14:e2:30:aa:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:5 windows x86 arch:x86

611d917a938d9ceec280707166252976

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:4f:9b:99:cf:a1:cf:0d:7f:c2:52:7e:bd:11:80:98:83:5f:41:d2
Signer

Actual PE Digest

b4:4f:9b:99:cf:a1:cf:0d:7f:c2:52:7e:bd:11:80:98:83:5f:41:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\install\kmdutil\obj\i386\KmdUtil.pdb

Imports

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_controlfp
exit
_XcptFilter
_exit
_c_exit
wcscat
_wtoi
_wcsicmp
_wcsnicmp
_acmdln
swprintf
wcscpy
wcsrchr
_cexit
wcslen

advapi32

OpenProcessToken
AdjustTokenPrivileges
OpenSCManagerW
ControlService
StartServiceW
RegCreateKeyExW
RegSetValueExW
CreateServiceW
RegCloseKey
RegDeleteKeyW
OpenServiceW
DeleteService
RegOpenKeyExW
LookupPrivilegeValueW

kernel32

GetProcessHeap
HeapAlloc
OpenProcess
ProcessIdToSessionId
HeapFree
GetCurrentProcessId
CloseHandle
Sleep
GetCommandLineW
GetLastError
GetModuleFileNameW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
SetLastError
LocalAlloc
FormatMessageW
GetCurrentProcess
LoadLibraryW

user32

MessageBoxW

ntdll

NtClose
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtUnloadDriver

shell32

CommandLineToArgvW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieMsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:ab:06:55:dc:bc:9a:c9:1c:e7:8d:d1:b7:78:a1:d6:8b:22:ed:98
Signer

Actual PE Digest

00:ab:06:55:dc:bc:9a:c9:1c:e7:8d:d1:b7:78:a1:d6:8b:22:ed:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\msgs\obj\i386\SbieMsg.pdb

Sections

.text
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
LICENSE.TXT
SandboxieBITS.exe
.exe windows:5 windows x86 arch:x86

d5aca88000591a100988d6b5b1add336

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:bf:2c:4b:85:2b:fb:68:7d:5b:cc:c3:91:1e:b4:64:8a:6f:77:2a
Signer

Actual PE Digest

a6:bf:2c:4b:85:2b:fb:68:7d:5b:cc:c3:91:1e:b4:64:8a:6f:77:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\bits\obj\i386\SandboxieBITS.pdb

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_except_handler3
_acmdln
exit
_cexit
_XcptFilter
_controlfp
swprintf
__getmainargs
_exit
_c_exit
wcscpy
wcscat

advapi32

OpenProcessToken
LogonUserW
DuplicateTokenEx
SetThreadToken
StartServiceCtrlDispatcherW

kernel32

GetTickCount
QueryPerformanceCounter
GetCurrentProcess
GetCurrentThreadId
GetProcAddress
CreateThread
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
SetEvent
CreateEventW
OpenEventW
GetModuleHandleW
LoadLibraryW
Sleep

user32

wsprintfW
MessageBoxW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

SbieApi_Log
_SbieDll_Hook@12

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:5 windows x86 arch:x86

05272c5449d5eb0a91ab10bf9ea175d9

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:32:7f:98:d1:26:d9:02:ae:94:ca:16:0e:30:20:f6:fc:7a:85:be
Signer

Actual PE Digest

ec:32:7f:98:d1:26:d9:02:ae:94:ca:16:0e:30:20:f6:fc:7a:85:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\crypto\obj\i386\SandboxieCrypto.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
__setusermatherr
_exit
_c_exit
wcscpy
wcscat
swprintf

advapi32

StartServiceCtrlDispatcherW
AccessCheckByType
SetThreadToken
DuplicateToken
OpenProcessToken
GetTokenInformation

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CloseHandle
SetUnhandledExceptionFilter
GetStartupInfoA
CreateEventW
OpenEventW
Sleep
SetLastError
CreateThread
GetProcAddress
DuplicateHandle
LoadLibraryW
SetEvent
GetLastError
HeapAlloc
GetProcessHeap
GetModuleHandleW

user32

MessageBoxW
wsprintfW

sbiedll

SbieApi_Log
_SbieDll_Hook@12

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:5 windows x86 arch:x86

d6b96f8a15114c1f38edc9f081763301

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:cf:58:12:95:c1:b7:8a:45:9f:5c:5a:81:87:48:a2:da:b6:16:7f
Signer

Actual PE Digest

38:cf:58:12:95:c1:b7:8a:45:9f:5c:5a:81:87:48:a2:da:b6:16:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\dcomlaunch\obj\i386\SandboxieDcomLaunch.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
__setusermatherr
_wcsicmp
swprintf
wcscat
_exit
_c_exit
wcscpy
wcscmp

advapi32

DuplicateToken
SetServiceStatus
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
AccessCheckByType
SetThreadToken
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SuspendThread
GetCurrentProcessId
CreateFileMappingW
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetStartupInfoA
OpenEventW
Sleep
SetLastError
CreateThread
GetProcAddress
GetModuleHandleW
GetCurrentThread
LoadLibraryW
GetVersionExW
CloseHandle
LocalFree
CreateEventW
GetLastError
OpenProcess
HeapAlloc
GetProcessHeap
SetEvent
TlsSetValue

user32

MessageBoxW
wsprintfW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_StartBoxedService@8
SbieApi_Log
_SbieDll_Hook@12
_SbieApi_QueryProcess@20

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:5 windows x86 arch:x86

b0a7a7dd5407869426a7a8266044c280

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:bb:b9:9a:63:8c:e7:59:9b:e3:ba:1d:8a:02:f0:ff:0f:8c:88:4a
Signer

Actual PE Digest

45:bb:b9:9a:63:8c:e7:59:9b:e3:ba:1d:8a:02:f0:ff:0f:8c:88:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\rpcss\obj\i386\SandboxieRpcSs.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_wcsicmp
swprintf
wcscmp
_except_handler3
_controlfp
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
wcscpy
wcscat

advapi32

OpenThreadToken
SetServiceStatus
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
RegOpenKeyExW
RegQueryValueExW
AccessCheckByType
SetThreadToken
DuplicateToken
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
ExitProcess
CreateFileMappingW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
SetLastError
GetProcessHeap
CreateThread
GetProcAddress
GetModuleHandleW
TlsSetValue
TlsGetValue
TlsAlloc
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
LoadLibraryW
GetVersionExW
CloseHandle
LocalFree
HeapFree
GetLastError
OpenProcess
HeapAlloc
OpenEventW
SetEvent
CreateEventW
OpenMutexW

user32

wsprintfW
MessageBoxW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

ws2_32

WSASetLastError
WSASocketW
listen
bind
WSAStartup

sbiedll

_SbieApi_QueryProcess@20
_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_StartBoxedService@8
SbieApi_Log
_SbieDll_Hook@12
_SbieDll_IsOpenCOM@0
_SbieDll_KillOne@4
_SbieDll_ExpandAndRunProgram@4
_SbieApi_QueryConf@20

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:5 windows x86 arch:x86

888c7855976cf6ccc62ee4aa39cf254d

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c3:4e:0a:da:fd:ec:98:11:6c:3d:e7:62:9e:41:f4:af:c9:97:50:7b
Signer

Actual PE Digest

c3:4e:0a:da:fd:ec:98:11:6c:3d:e7:62:9e:41:f4:af:c9:97:50:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\wuau\obj\i386\SandboxieWUAU.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
wcschr
_wcsnicmp
wcscpy
wcscat
swprintf
_wcsicmp
wcscmp

advapi32

StartServiceCtrlDispatcherW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
CreateProcessW
GetModuleHandleW
GetProcAddress
CreateThread
SetLastError
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetLastError
OpenProcess
HeapAlloc
GetProcessHeap
SetEvent
CreateEventW
GetVersionExW
LoadLibraryW
HeapFree
CloseHandle
LocalFree
OpenEventW

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
SbieApi_Log
_SbieDll_Hook@12
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:5 windows x86 arch:x86

d05856d116744d952610b2093283d823

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c8:6c:9f:e9:cb:67:c5:1c:99:93:17:43:b9:db:93:aa:8f:1f:75:b0
Signer

Actual PE Digest

c8:6c:9f:e9:cb:67:c5:1c:99:93:17:43:b9:db:93:aa:8f:1f:75:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\control\obj\i386\SbieCtrl.pdb

Imports

mfc42u

ord5426
ord6193
ord5856
ord1165
ord772
ord5602
ord500
ord5977
ord1662
ord2644
ord5949
ord6563
ord5945
ord3356
ord3090
ord5947
ord3658
ord3621
ord2406
ord3566
ord1634
ord1633
ord5781
ord2858
ord2371
ord6051
ord1768
ord5286
ord3393
ord4418
ord3728
ord567
ord810
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord640
ord6190
ord6017
ord323
ord4266
ord4532
ord2115
ord3282
ord3291
ord6266
ord3909
ord1084
ord4688
ord3749
ord5142
ord3016
ord4847
ord6376
ord2078
ord326
ord4270
ord3737
ord818
ord2144
ord773
ord6373
ord5603
ord3614
ord4215
ord2576
ord3649
ord1637
ord1143
ord5677
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord2430
ord2613
ord5568
ord2910
ord4237
ord4718
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5278
ord2641
ord1658
ord4430
ord5248
ord4421
ord3618
ord674
ord3865
ord2455
ord1135
ord2447
ord2550
ord366
ord1105
ord4219
ord491
ord2757
ord910
ord2574
ord4396
ord3635
ord693
ord2857
ord4238
ord697
ord395
ord4181
ord6896
ord3281
ord3905
ord6688
ord686
ord3991
ord2445
ord2088
ord384
ord2092
ord5625
ord3431
ord4118
ord2855
ord3397
ord3716
ord795
ord2567
ord4390
ord3569
ord609
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord6316
ord3084
ord5639
ord2070
ord2091
ord2108
ord4282
ord4279
ord6867
ord6865
ord6238
ord1644
ord5597
ord913
ord1172
ord700
ord398
ord3434
ord2776
ord912
ord699
ord397
ord3433
ord5589
ord4192
ord909
ord3638
ord696
ord3930
ord394
ord5586
ord3430
ord4180
ord3568
ord5706
ord283
ord5871
ord4128
ord4292
ord2746
ord2836
ord2099
ord4199
ord5446
ord6390
ord5436
ord6379
ord613
ord3490
ord4078
ord1834
ord289
ord3688
ord2705
ord3995
ord6004
ord2579
ord4400
ord3389
ord3724
ord804
ord6777
ord4254
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord497
ord2400
ord6868
ord2606
ord6655
ord4120
ord3470
ord3285
ord3298
ord5845
ord2876
ord6451
ord2877
ord6437
ord1258
ord2111
ord1761
ord4709
ord2629
ord1230
ord5784
ord472
ord755
ord470
ord2036
ord2440
ord1569
ord6278
ord6279
ord2634
ord926
ord860
ord6024
ord768
ord4253
ord2854
ord414
ord3979
ord713
ord3657
ord5817
ord5600
ord5855
ord5617
ord859
ord6654
ord539
ord501
ord1083
ord536
ord4273
ord941
ord715
ord415
ord1085
ord1081
ord1008
ord3312
ord6565
ord4124
ord5616
ord924
ord6211
ord3871
ord2756
ord5605
ord2769
ord2010
ord927
ord3694
ord4829
ord5283
ord4371
ord4352
ord4942
ord4970
ord4899
ord5154
ord5156
ord5155
ord823
ord5618
ord542
ord3798
ord802
ord5679
ord4272
ord2755
ord942
ord4197
ord3087
ord6195
ord535
ord540
ord2810
ord537
ord922
ord940
ord925
ord825
ord2637
ord324
ord538
ord861
ord858
ord800
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord5261
ord4229
ord2859
ord3133
ord291
ord4294
ord5830

msvcrt

towupper
memcmp
_wcsicmp
_wcsnicmp
wcscmp
wcscpy
wcscat
wcstol
towlower
free
malloc
__setusermatherr
_adjust_fdiv
__p__fmode
__p__commode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__CxxFrameHandler
memset
memcpy
wcslen
_controlfp
?terminate@@YAXXZ
_onexit
_initterm
swprintf
wcsrchr
_wtoi64
wcsncpy
exit
_wtoi
wcsncmp
wcschr
time
wcsstr
memmove
_wcslwr
atof
strchr
toupper
_purecall
__RTDynamicCast
_c_exit
_exit
_XcptFilter
_cexit
_wcmdln
__wgetmainargs
__dllonexit

advapi32

OpenSCManagerW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
EnumServicesStatusW
CloseServiceHandle
RegDeleteKeyW
GetUserNameW
CloseEventLog
ReadEventLogW
OpenEventLogW
RegCloseKey
RegEnumValueW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

kernel32

GetLastError
RemoveDirectoryW
MoveFileW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryW
CreateFileW
GetDriveTypeW
GetModuleFileNameW
DeleteFileW
CopyFileW
UnmapViewOfFile
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetTickCount
GetSystemTimeAsFileTime
OpenEventW
WaitForSingleObject
Sleep
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
LocalAlloc
GetCurrentThreadId
LocalFree
GetFileAttributesW
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GetFileTime
GetWindowsDirectoryW
GetCurrentProcessId
CreateThread
GetShortPathNameW
ProcessIdToSessionId
GetVersionExW
CreateMutexW
OpenMutexW
GetSystemWindowsDirectoryW
GetCommandLineW
MapViewOfFile
CreateFileMappingW
WriteFile
GetTempPathW
GetProcessTimes
OpenProcess
FreeLibrary
TerminateProcess
QueryPerformanceCounter

gdi32

GetCurrentObject
SetTextColor
GetClipBox
CreateFontIndirectW
GetObjectW
CreatePen
GetTextMetricsW
GetPixel
Rectangle
CreatePatternBrush
GetStockObject
Ellipse
BitBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
PatBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
CreateSolidBrush
CreatePolygonRgn
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
DeleteDC
SelectObject
GetTextExtentPoint32W
DeleteObject
GetTextColor

user32

LoadBitmapW
DestroyCursor
GetWindowLongW
SendMessageW
UnhookWindowsHookEx
SetCursor
ReleaseCapture
GetParent
CallNextHookEx
PostMessageW
IsWindowVisible
PtInRect
EnumChildWindows
WindowFromPoint
CallWindowProcW
SetWindowsHookExW
SetCapture
SetWindowLongW
SetWindowPos
MoveWindow
GetDC
CreateWindowExW
SetFocus
ScreenToClient
GetDlgItem
SetWindowTextW
ShowWindow
GetDlgCtrlID
GetWindow
SendDlgItemMessageW
MessageBoxW
EnableWindow
LoadCursorW
GetWindowRect
SetWindowRgn
SetClassLongW
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
GetAsyncKeyState
GetWindowThreadProcessId
GetForegroundWindow
KillTimer
SetTimer
SetLayeredWindowAttributes
RegisterClassExW
LoadIconW
DefWindowProcW
CopyRect
EnableMenuItem
GetSubMenu
BeginPaint
EndPaint
UpdateWindow
InvalidateRect
TabbedTextOutW
DrawTextW
GrayStringW
GetMessagePos
DeleteMenu
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
GetMenuItemCount
LoadMenuW
OpenClipboard
MsgWaitForMultipleObjects
PeekMessageW
SetMenuItemInfoW
GetMenuItemInfoW
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterWindowMessageW
SystemParametersInfoW
FindWindowW
CreatePopupMenu
AppendMenuW
SetMenuDefaultItem
GetMenuItemID
GetMenuStringW
InsertMenuW
ModifyMenuW
GetMenu
SetMenu
PostQuitMessage
wsprintfW
GetSystemMetrics
GetKeyState
FindWindowExW
GetClassNameW
EnumWindows
DestroyIcon
DrawStateW
GetSysColor
GetMenuItemRect
IsMenu
IsRectEmpty
GetDesktopWindow
IsWindow
GetSysColorBrush
GetIconInfo
GetClientRect
ClientToScreen
OffsetRect
GetWindowDC
SetRect
InvertRect
ReleaseDC
DestroyWindow
RegisterClipboardFormatW

ntdll

NtQueryDirectoryFile
NtCreateFile
NtClose
NtQueryDirectoryObject
NtOpenDirectoryObject
RtlInitUnicodeString
NtOpenKey

psapi

GetModuleFileNameExW

shell32

SHFileOperationW
ShellExecuteExW
DragQueryFileW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
ord165
SHGetFolderPathW
ExtractIconExW
ShellExecuteW

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Remove

comdlg32

ChooseColorW
GetOpenFileNameW

gdiplus

GdiplusStartup
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream

wininet

InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

ole32

CoCreateInstance
CreateClassMoniker
GetRunningObjectTable
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize

sbiedll

_SbieApi_GetWork@12
_SbieDll_GetStartError@0
_SbieDll_StartSbieSvc@4
_SbieApi_FreeReply@4
_SbieApi_GetVersion@4
_SbieApi_CallServer@4
_SbieDll_StartSbieDrv@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieApi_EnumBoxes@8
_SbieApi_MonitorControl@8
_SbieDll_KillAll@8
_SbieApi_QueryConf@20
_SbieApi_QueryBoxPath@28
_SbieDll_TranslateNtToDosPath@4
_SbieDll_GetAllUsersPath@0
_SbieDll_GetUserPath@0
_SbieDll_GetDrivePath@4
_SbieApi_EnumProcessEx@16
_SbieApi_QueryProcess@20
_SbieApi_DisableForceProcess@8
SbieApi_Log
_SbieApi_MonitorGet@8
_SbieDll_GetLanguage@4
_SbieDll_RunFromHome@16
_SbieApi_CallZero@4
_SbieDll_DeviceChange@8
_SbieDll_GetTokenElevationType@0
_SbieDll_KillOne@4
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieApi_ReloadConf@4
_SbieApi_GetLicense@4
_SbieApi_SetLicense@8

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieDll.dll
.dll windows:5 windows x86 arch:x86

2c65fbe5ab2cb7e6d741c086dca55aec

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:b5:46:ba:d2:e9:9f:df:14:2c:e8:d8:18:19:b9:9e:3f:1f:9b:b0
Signer

Actual PE Digest

3e:b5:46:ba:d2:e9:9f:df:14:2c:e8:d8:18:19:b9:9e:3f:1f:9b:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\i386\SbieDll.pdb

Imports

ntdll

_strnicmp
isspace
NtSetInformationProcess
RtlUnwind
NtQueryVirtualMemory
RtlConvertSidToUnicodeString
NtQueryInformationProcess
NtOpenProcess
NtOpenThread
NtDuplicateObject
NtQuerySecurityObject
NtSetSecurityObject
NtSetInformationToken
NtAdjustPrivilegesToken
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
sprintf
_vsnprintf
RtlCreateProcessParameters
LdrGetProcedureAddress
RtlFreeAnsiString
LdrLoadDll
LdrUnloadDll
NtLoadDriver
NtMapViewOfSection
NtFlushInstructionCache
LdrQueryProcessModuleInformation
NtRaiseHardError
NtProtectVirtualMemory
NtDeleteKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtLoadKey
NtSetInformationKey
NtDeleteValueKey
NtQueryKey
NtCreatePort
NtConnectPort
NtImpersonateClientOfPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
NtOpenThreadToken
NtSetInformationThread
NtOpenProcessToken
NtDuplicateToken
NtQueryInformationToken
NtOpenDirectoryObject
RtlUnicodeStringToAnsiString
RtlInitString
RtlAnsiStringToUnicodeString
strncmp
strchr
NtQueryAttributesFile
NtQueryInformationFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlSetCurrentDirectory_U
NtQueryVolumeInformationFile
RtlGetFullPathName_U
NtQuerySystemInformation
NtReadFile
NtWriteFile
NtDeleteFile
RtlQueryRegistryValues
NtDeviceIoControlFile
NtCreateFile
NtQueryFullAttributesFile
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
_wtoi
NtOpenFile
NtQueryDirectoryFile
RtlCompareUnicodeString
wcsncpy
_wcslwr
RtlFreeUnicodeString
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
_wcsicmp
wcsstr
wcsrchr
iswctype
NtEnumerateKey
NtOpenKey
NtClose
NtCreateKey
NtSetValueKey
towlower
wcsncmp
wcscat
wcschr
swprintf
_itow
wcscpy
wcslen
memmove
RtlInitUnicodeString
NtQueryValueKey
wcscmp
_wcsnicmp

kernel32

GetWindowsDirectoryW
HeapDestroy
GlobalSize
GetTempPathW
CreateDirectoryW
WriteFile
GlobalAlloc
SearchPathW
CreateFileA
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
ReadFile
GetVersionExW
FormatMessageW
SetLocaleInfoW
SetLocaleInfoA
OpenProcess
GetLongPathNameW
GetFileAttributesW
MapViewOfFile
OpenFileMappingW
OpenMutexW
CreateMutexW
ReleaseMutex
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
LoadLibraryA
InterlockedExchange
GetSystemInfo
SetThreadPriority
ResumeThread
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
GetConsoleWindow
SetConsoleTitleA
SetConsoleTitleW
GetConsoleTitleA
GetConsoleTitleW
CreateEventW
CreateThread
WaitForMultipleObjects
FindResourceW
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
WaitNamedPipeW
MoveFileWithProgressW
DefineDosDeviceW
DefineDosDeviceA
TryEnterCriticalSection
CreateFileW
GetCurrentThread
QueueUserAPC
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
InitializeCriticalSection
GetTickCount
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetCommandLineW
Sleep
ExitProcess
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateProcessW
WaitForSingleObject
CloseHandle
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsW
RaiseException
FreeLibrary
OutputDebugStringW
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetLastError
HeapCreate

Exports

Exports

SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetVersion
SbieApi_Log
SbieApi_LogEx
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieDll_Hook
SbieDll_KillAll
SbieDll_KillOne
SbieDll_RegisterDllCallback
SbieDll_StartBoxedService
_SbieApi_CallServer@4
_SbieApi_CallZero@4
_SbieApi_CheckInternetAccess@12
_SbieApi_DisableForceProcess@8
_SbieApi_EnumBoxes@8
_SbieApi_EnumProcessEx@16
_SbieApi_FreeReply@4
_SbieApi_GetFileName@12
_SbieApi_GetLicense@4
_SbieApi_GetUnmountHive@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
_SbieApi_HookTramp@8
_SbieApi_MonitorControl@8
_SbieApi_MonitorGet@8
_SbieApi_MonitorPut@8
_SbieApi_PortName@0
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryPathList@12
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_SetLicense@8
_SbieApi_SetLsaAuthPkg@8
_SbieApi_SetUserName@8
_SbieApi_StartProcess@8
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_ComCreateProxy@16
_SbieDll_ComCreateStub@16
_SbieDll_DeviceChange@8
_SbieDll_DisableElevationHook@0
_SbieDll_ExpandAndRunProgram@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_GetAllUsersPath@0
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetServiceRegistryValue@12
_SbieDll_GetSetDeviceMap@4
_SbieDll_GetStartError@0
_SbieDll_GetTokenElevationType@0
_SbieDll_GetUserPath@0
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_InitProcess@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsOpenCOM@0
_SbieDll_IsOpenClsid@12
_SbieDll_KillAll@8
_SbieDll_KillOne@4
_SbieDll_RegisterDllCallback@4
_SbieDll_RunFromHome@16
_SbieDll_StartBoxedService@8
_SbieDll_StartCOM@4
_SbieDll_StartSbieDrv@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys
.sys windows:5 windows x86 arch:x86

1b2cd0bd73ea80cfcb6b3e2dbc9b8224

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:b7:e0:2d:28:be:64:5f:1d:63:8d:12:50:97:d0:6a:cb:cb:80:4f
Signer

Actual PE Digest

37:b7:e0:2d:28:be:64:5f:1d:63:8d:12:50:97:d0:6a:cb:cb:80:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\drv\obj\i386\SbieDrv.pdb

Imports

ntoskrnl.exe

ProbeForRead
ExGetPreviousMode
_except_handler3
ProbeForWrite
wcslen
ZwClose
ZwSetEvent
ZwOpenEvent
RtlInitUnicodeString
wcsncpy
ExRaiseStatus
IoCreateDevice
IoDeleteDevice
wcsncmp
wcscpy
RtlFreeUnicodeString
memmove
RtlCompareUnicodeString
wcschr
wcscat
_wcsicmp
_wcsnicmp
ExAcquireResourceSharedLite
KeDelayExecutionThread
RtlQueryRegistryValues
swprintf
_itow
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnicodeStringToInteger
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
PsGetVersion
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlCreateAcl
ObfDereferenceObject
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcsrchr
ZwQueryValueKey
ZwOpenKey
MmGetSystemRoutineAddress
ZwWriteFile
ZwSetInformationFile
sprintf
IoFileObjectType
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeGetCurrentThread
PsLookupThreadByThreadId
ZwQuerySystemInformation
PsGetCurrentProcessId
ZwOpenThread
ZwAllocateVirtualMemory
KeInsertQueueDpc
KeBugCheckEx
KeSetImportanceDpc
KeInitializeDpc
KeQueryActiveProcessors
PsGetCurrentThreadId
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
KeServiceDescriptorTable
ZwYieldExecution
ZwAlertThread
ZwAccessCheckAndAuditAlarm
RtlCompareMemory
wcstombs
ExInitializeResourceLite
ExDeleteResourceLite
IoCreateFile
ZwReadFile
wcsstr
_wcslwr
wcscmp
ZwCreateDirectoryObject
ZwOpenProcess
ZwCreateSymbolicLinkObject
LpcPortObjectType
KeWaitForSingleObject
ZwLoadKey
RtlTimeToTimeFields
KeQuerySystemTime
ZwSetValueKey
ZwCreateKey
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
DbgPrint
ObQueryNameString
ObOpenObjectByName
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
RtlIntegerToUnicodeString
PsLookupProcessByProcessId
ZwQueryInformationProcess
strncmp
IoGetRequestorProcessId
ZwSetSecurityObject
ZwQueryInformationToken
SeQueryInformationToken
RtlAddAccessAllowedAce
ZwSetInformationProcess
IoGetCurrentProcess
ZwOpenProcessToken
IoThreadToProcess
NtDuplicateObject
SeSinglePrivilegeCheck
SeTokenIsAdmin
PsReferencePrimaryToken
_alldiv
ZwOpenThreadToken
RtlConvertSidToUnicodeString
IofCompleteRequest
ExReleaseResourceLite
KeSetTargetProcessorDpc
ExAcquireResourceExclusiveLite

hal

KfLowerIrql
KfRaiseIrql
KeGetCurrentIrql

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:ab:06:55:dc:bc:9a:c9:1c:e7:8d:d1:b7:78:a1:d6:8b:22:ed:98
Signer

Actual PE Digest

00:ab:06:55:dc:bc:9a:c9:1c:e7:8d:d1:b7:78:a1:d6:8b:22:ed:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\msgs\obj\i386\SbieMsg.pdb

Sections

.text
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:5 windows x86 arch:x86

72ce370733797cff9ec038b43452fc8e

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:99:18:c4:ec:8e:4d:39:ce:f6:7d:35:82:d1:38:37:b1:ae:c7:7b
Signer

Actual PE Digest

21:99:18:c4:ec:8e:4d:39:ce:f6:7d:35:82:d1:38:37:b1:ae:c7:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\svc\obj\i386\SbieSvc.pdb

Imports

msvcrt

_except_handler3
wcscmp
_wcsicmp
wcschr
_wcslwr
towlower
_wcsnicmp
wcscpy
strtol
wcstol
isspace
_strnicmp
strchr
_stricmp
memmove
sprintf
_itow
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
wcscat
wcsstr
wcslen
??3@YAXPAX@Z
wcsrchr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
??2@YAPAXI@Z

advapi32

ReportEventW
SetThreadToken
DuplicateToken
DuplicateTokenEx
GetLengthSid
AddAccessAllowedAce
SetTokenInformation
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
CloseServiceHandle
StartServiceW
OpenThreadToken
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CheckTokenMembership
FreeSid
CreateProcessAsUserW
ConvertStringSidToSidW
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetEntriesInAclW
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
OpenSCManagerW
OpenServiceW
OpenEventLogW
ControlService

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
ReadProcessMemory
WriteProcessMemory
DeleteCriticalSection
DuplicateHandle
TryEnterCriticalSection
CreateMutexW
OpenEventW
OpenMutexW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
CreateProcessW
MulDiv
LoadLibraryW
CancelIo
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
UnmapViewOfFile
HeapReAlloc
SetEndOfFile
VirtualAlloc
ExitProcess
RaiseException
VirtualFree
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
OutputDebugStringW
EnterCriticalSection
GetLastError
QueueUserWorkItem
Sleep
ProcessIdToSessionId
GetCommandLineW
CloseHandle
HeapAlloc
GetProcessHeap
GetCurrentProcess
HeapFree
SetLastError
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
HeapDestroy
HeapCreate
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
SetEvent
InterlockedExchange
GetProcessTimes
OpenProcess
OpenThread
GetProcAddress
GetModuleHandleW
CreateEventW
SetThreadPriority
GetCurrentThread
InterlockedIncrement
CreateThread
GetVersionExW
LocalFree
WriteFile
SetFilePointer
CreateFileW
GetLocalTime
LocalAlloc
TerminateProcess
InitializeCriticalSection
GetTickCount
GetWindowsDirectoryW
DeleteFileW
GetFileAttributesW
CopyFileW
SetFileAttributesW

gdi32

SetBkColor
CreateFontW
TextOutW
CreateSolidBrush
GetDeviceCaps
SetTextColor
SelectObject

user32

ShowWindow
DispatchMessageW
RegisterClassW
DefWindowProcW
BeginPaint
CreateWindowExW
GetMessageW
EndPaint
wsprintfW

ntdll

RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtQueryFullAttributesFile
NtSetInformationFile
NtQueryDirectoryFile
NtQueryInformationFile
NtClose
NtSetInformationThread
NtDuplicateToken
NtFilterToken
NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken
NtCompleteConnectPort
NtAcceptConnectPort
NtImpersonateClientOfPort
NtReplyWaitReceivePort
NtCreatePort
NtReadFile
NtWriteFile
NtCreateFile
NtLoadKey
NtUnloadKey
NtOpenKey
NtLoadDriver
RtlInitString
RtlInitUnicodeString

secur32

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaLookupAuthenticationPackage

setupapi

SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoList
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_Alias_ExW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
CM_Get_DevNode_Status
CM_Locate_DevNodeW

crypt32

CryptUnprotectData
CryptProtectData

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoMarshalInterface
CoCopyProxy
CoSetProxyBlanket
CoQueryProxyBlanket
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetClassObject
CoTaskMemFree

sbiedll

SbieApi_Log
_SbieApi_PortName@0
_SbieApi_SetLsaAuthPkg@8
_SbieApi_CallZero@4
_SbieApi_GetVersion@4
SbieApi_LogEx
_SbieApi_GetUnmountHive@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetUserName@8
_SbieDll_FormatMessage2@12
_SbieDll_GetServiceRegistryValue@12
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieApi_GetWork@12
_SbieApi_QueryConf@20
_SbieApi_ReloadConf@4
_SbieApi_QueryProcessPath@28
_SbieDll_FormatMessage0@4
_SbieDll_ComCreateStub@16
_SbieDll_IsOpenClsid@12
_SbieApi_CheckInternetAccess@12

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:5 windows x86 arch:x86

20498ec596a006e7d5137971f090d67e

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:75:52:fa:e5:c0:0c:d9:c4:ec:3c:e7:45:76:33:ae:c1:66:f4:92
Signer

Actual PE Digest

34:75:52:fa:e5:c0:0c:d9:c4:ec:3c:e7:45:76:33:ae:c1:66:f4:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

OpenMutexW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapReAlloc
HeapDestroy
HeapCreate
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetEnvironmentVariableW
GetFullPathNameW
GetExitCodeProcess
WaitForSingleObject
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateEventW
ProcessIdToSessionId
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW

user32

DestroyWindow
TrackPopupMenu
RegisterClassW
CreatePopupMenu
ExitWindowsEx
MessageBoxW
wsprintfW
GetAsyncKeyState
SetTimer
SendMessageW
SetWindowPos
EndDialog
SetFocus
ShowWindow
SendDlgItemMessageW
KillTimer
EnableWindow
GetSysColorBrush
GetSysColor
GetDlgItem
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
ScreenToClient
MoveWindow
SetDlgItemTextW
GetWindowTextW
ClientToScreen
GetSystemMetrics
GetDesktopWindow
GetClientRect
DestroyIcon
DrawIconEx
GetDC
DestroyMenu
DefWindowProcW
GetMenuInfo
SetMenuInfo
GetMenuItemCount
CreateMenu
InsertMenuItemW

ntdll

wcscpy
_chkstk
NtTerminateProcess
NtTerminateThread
RtlUnwind
NtQueryInformationFile
NtSetInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtClose
memmove
wcscmp
wcsncmp
iswctype
_wtoi
wcschr
wcslen
memcpy
wcsncpy
strcmp
towlower
sprintf
strlen
_wcsnicmp
wcsrchr
_wcsicmp
memset
wcscat
NtQueryVirtualMemory

shlwapi

AssocQueryStringW
SHAutoComplete

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
ExtractIconExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieApi_DisableForceProcess@8
_SbieDll_StartCOM@4
_SbieDll_FormatMessage1@8
_SbieApi_StartProcess@8
_SbieDll_GetSetDeviceMap@4
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
_SbieDll_KillAll@8
_SbieApi_ReloadConf@4
_SbieDll_DisableElevationHook@0
_SbieDll_InitPStore@0
_SbieDll_GetTokenElevationType@0
_SbieApi_EnumBoxes@8
_SbieApi_QueryBoxPath@28
_SbieDll_IsDirectory@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Templates.ini
Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/SandboxieInstall64-345-20.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:d1:16:56:9c:45:04:aa:29:dd:70:28:a0:4c:6d:3d:0e:66:43:19
Signer

Actual PE Digest

34:d1:16:56:9c:45:04:aa:29:dd:70:28:a0:4c:6d:3d:0e:66:43:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:5 windows x64 arch:x64

66edf10bf0a570525aee83e6d5fe1551

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:6f:4f:b3:7b:58:ac:4e:9a:0f:9a:64:97:8c:cb:7f:ca:b4:58:4f
Signer

Actual PE Digest

91:6f:4f:b3:7b:58:ac:4e:9a:0f:9a:64:97:8c:cb:7f:ca:b4:58:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\install\kmdutil\obj\amd64\KmdUtil.pdb

Imports

msvcrt

_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
__set_app_type
_c_exit
_XcptFilter
__C_specific_handler
memcpy
_wtoi
_wcsicmp
wcsrchr
memset
_wcsnicmp
_exit
swprintf

advapi32

DeleteService
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
OpenSCManagerW
ControlService
StartServiceW
RegCreateKeyExW
RegSetValueExW
CreateServiceW
RegCloseKey
RegDeleteKeyW
OpenServiceW
RegOpenKeyExW

kernel32

QueryPerformanceCounter
ExitProcess
GetCurrentProcessId
GetProcessHeap
GetTickCount
OpenProcess
ProcessIdToSessionId
HeapFree
GetCurrentThreadId
FormatMessageW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
GetCommandLineW
Sleep
CloseHandle
HeapAlloc
SetLastError
LocalAlloc
GetLastError
LoadLibraryW
GetModuleFileNameW
GetCurrentProcess

ntdll

NtClose
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtUnloadDriver

user32

MessageBoxW

shell32

CommandLineToArgvW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieMsg.dll
.dll windows:5 windows x64 arch:x64

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:e5:00:f2:54:21:95:26:e8:29:9f:12:7a:de:9d:06:4d:3b:44:36
Signer

Actual PE Digest

df:e5:00:f2:54:21:95:26:e8:29:9f:12:7a:de:9d:06:4d:3b:44:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\msgs\obj\amd64\SbieMsg.pdb

Sections

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
LICENSE.TXT
SandboxieBITS.exe
.exe windows:5 windows x64 arch:x64

0e098a4c0b8eae2b53d5773fee69a910

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:12:93:99:86:83:50:47:a7:fb:33:e4:85:32:0c:1a:69:0b:88:d7
Signer

Actual PE Digest

10:12:93:99:86:83:50:47:a7:fb:33:e4:85:32:0c:1a:69:0b:88:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\com\bits\obj\amd64\SandboxieBITS.pdb

Imports

msvcrt

_commode
__setusermatherr
_initterm
__getmainargs
_fmode
exit
_cexit
__set_app_type
_acmdln
_exit
_c_exit
_XcptFilter
__C_specific_handler

advapi32

LogonUserW
DuplicateTokenEx
SetThreadToken
StartServiceCtrlDispatcherW
OpenProcessToken

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
TerminateProcess
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
LoadLibraryW
CloseHandle
HeapAlloc
GetProcessHeap
QueryPerformanceCounter

user32

MessageBoxW
wsprintfW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

SbieDll_Hook

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:5 windows x64 arch:x64

b9bb39685dde765b2aa0300b0a877e32

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:1a:a4:62:4e:4c:b4:23:6e:90:0d:05:15:72:05:c4:28:43:0a:dd
Signer

Actual PE Digest

4b:1a:a4:62:4e:4c:b4:23:6e:90:0d:05:15:72:05:c4:28:43:0a:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\com\crypto\obj\amd64\SandboxieCrypto.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_initterm
_exit
_c_exit
_XcptFilter
__C_specific_handler

advapi32

AccessCheckByType
SetThreadToken
DuplicateToken
StartServiceCtrlDispatcherW
OpenProcessToken
GetTokenInformation

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcess
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
TlsSetValue
TlsGetValue
GetLastError
TlsAlloc
DuplicateHandle
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryW
CloseHandle
GetProcAddress
HeapAlloc
GetProcessHeap
CreateEventW
SetLastError
GetTickCount

user32

MessageBoxW
wsprintfW

sbiedll

SbieDll_Hook

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:5 windows x64 arch:x64

a6d3fae11db98543fe5f0017fe377e23

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d6:8d:30:9d:c1:70:07:23:35:c2:72:81:10:9f:58:04:c2:87:aa:0e
Signer

Actual PE Digest

d6:8d:30:9d:c1:70:07:23:35:c2:72:81:10:9f:58:04:c2:87:aa:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\com\dcomlaunch\obj\amd64\SandboxieDcomLaunch.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
_acmdln
exit
_cexit
memset
_wcsicmp
swprintf
__getmainargs
_exit
_c_exit
_XcptFilter
__C_specific_handler

advapi32

QueryServiceStatus
SetServiceStatus
OpenServiceW
CloseServiceHandle
StartServiceW
ControlService
AccessCheckByType
SetThreadToken
DuplicateToken
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcess
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
TlsGetValue
TlsAlloc
CreateFileMappingW
HeapAlloc
SuspendThread
GetCurrentThread
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryW
GetVersionExW
CloseHandle
LocalFree
HeapFree
GetLastError
OpenProcess
TlsSetValue
GetProcessHeap
SetEvent
CreateEventW
OpenEventW
Sleep
SetLastError
CreateThread
GetProcAddress
GetTickCount

ntdll

RtlAdjustPrivilege
NtSetInformationProcess

user32

MessageBoxW
wsprintfW

sbiedll

SbieApi_EnumProcessEx
SbieDll_IsBoxedService
SbieDll_StartBoxedService
SbieDll_Hook
SbieApi_QueryProcess

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:5 windows x64 arch:x64

46d76d3e454bd511cfb27fe6b8dba8ad

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:aa:16:eb:c8:f0:45:85:97:33:c6:cf:e6:2c:9a:c2:0b:8a:34:d1
Signer

Actual PE Digest

8f:aa:16:eb:c8:f0:45:85:97:33:c6:cf:e6:2c:9a:c2:0b:8a:34:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\com\rpcss\obj\amd64\SandboxieRpcSs.pdb

Imports

msvcrt

swprintf
_wcsicmp
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
__C_specific_handler
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
memset

advapi32

CloseServiceHandle
SetServiceStatus
OpenServiceW
QueryServiceStatus
StartServiceW
ControlService
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken
AccessCheckByType
SetThreadToken
DuplicateToken
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateFileMappingW
ExitProcess
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
Sleep
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
LoadLibraryW
GetVersionExW
CloseHandle
LocalFree
HeapFree
GetLastError
OpenProcess
HeapAlloc
GetProcessHeap
SetEvent
CreateEventW
OpenEventW
TlsAlloc
SetLastError
CreateThread
GetProcAddress
TlsSetValue
TlsGetValue
TerminateProcess

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

user32

wsprintfW
MessageBoxW

ws2_32

WSASetLastError
listen
bind
WSAStartup
WSASocketW

sbiedll

SbieApi_QueryProcess
SbieApi_EnumProcessEx
SbieDll_IsBoxedService
SbieDll_StartBoxedService
SbieDll_Hook
SbieDll_IsOpenCOM
SbieDll_KillOne
SbieDll_ExpandAndRunProgram
SbieApi_QueryConf

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:5 windows x64 arch:x64

040651c9b212215a3bf9a1637492de75

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:f6:29:d8:9f:4b:19:02:29:74:af:f9:a4:ad:ad:cc:dd:89:a4:3d
Signer

Actual PE Digest

66:f6:29:d8:9f:4b:19:02:29:74:af:f9:a4:ad:ad:cc:dd:89:a4:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\com\wuau\obj\amd64\SandboxieWUAU.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
_acmdln
exit
_cexit
_exit
_c_exit
__getmainargs
_XcptFilter
__C_specific_handler
wcschr
_wcsnicmp
_wcsicmp
memset

advapi32

StartServiceCtrlDispatcherW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlVirtualUnwind
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
HeapFree
SetLastError
GetProcAddress
CreateProcessW
GetSystemTimeAsFileTime
LoadLibraryW
GetVersionExW
HeapAlloc
GetProcessHeap

user32

MessageBoxW
wsprintfW

sbiedll

SbieApi_EnumProcessEx
SbieDll_Hook
SbieApi_QueryProcess

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:5 windows x64 arch:x64

f6feaf8695102cecfb4c7a2b33abb464

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:f5:88:3d:13:5c:75:b3:ca:77:13:28:a0:f8:73:5a:8e:7f:0f:6d
Signer

Actual PE Digest

0d:f5:88:3d:13:5c:75:b3:ca:77:13:28:a0:f8:73:5a:8e:7f:0f:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\control\obj\amd64\SbieCtrl.pdb

Imports

mfc42u

ord6612
ord6223
ord1463
ord1005
ord5934
ord567
ord6351
ord1677
ord2676
ord6328
ord1358
ord6324
ord3491
ord3180
ord6326
ord3830
ord3790
ord2427
ord3740
ord1647
ord1646
ord6127
ord2903
ord2393
ord6440
ord1778
ord5712
ord3531
ord4770
ord3911
ord665
ord1056
ord3038
ord6099
ord6607
ord6096
ord6599
ord4668
ord6603
ord6577
ord6238
ord6133
ord6138
ord6015
ord6076
ord5896
ord5886
ord6448
ord6228
ord3760
ord851
ord6609
ord6407
ord336
ord4595
ord4894
ord2139
ord3397
ord3410
ord6691
ord4181
ord1382
ord5061
ord3939
ord5570
ord3099
ord5245
ord6818
ord2094
ord339
ord4599
ord3920
ord1067
ord2178
ord1006
ord6815
ord5935
ord3783
ord4544
ord2595
ord3820
ord2449
ord1650
ord1441
ord6018
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord5711
ord6053
ord3534
ord4983
ord3916
ord659
ord1063
ord5887
ord2975
ord4565
ord5093
ord2750
ord2405
ord3141
ord5521
ord5524
ord4817
ord4633
ord3481
ord5420
ord1316
ord5839
ord3536
ord2920
ord2919
ord4461
ord4364
ord5704
ord2671
ord1674
ord4784
ord5674
ord4774
ord3787
ord890
ord4124
ord2474
ord1434
ord2466
ord2565
ord387
ord1404
ord4548
ord312
ord5792
ord1220
ord2593
ord4747
ord3806
ord912
ord2902
ord4567
ord916
ord421
ord4501
ord6393
ord3396
ord4177
ord3319
ord904
ord4257
ord2464
ord2105
ord408
ord2111
ord5958
ord3580
ord4424
ord2900
ord3535
ord3894
ord1035
ord2586
ord4741
ord3743
ord822
ord1774
ord6801
ord2425
ord2024
ord4543
ord2592
ord4746
ord3805
ord911
ord6754
ord3174
ord5973
ord2087
ord2110
ord2132
ord4612
ord4609
ord5979
ord5912
ord6661
ord1657
ord5927
ord1223
ord1471
ord919
ord424
ord3583
ord2801
ord1222
ord918
ord423
ord3582
ord5917
ord4512
ord1219
ord3809
ord915
ord4199
ord420
ord5914
ord3579
ord4500
ord6050
ord303
ord6243
ord4442
ord4621
ord2776
ord5804
ord6821
ord2876
ord2459
ord2049
ord2121
ord4523
ord5815
ord6184
ord6832
ord826
ord3647
ord4375
ord1838
ord310
ord3862
ord3742
ord2739
ord4267
ord6386
ord2598
ord4751
ord3527
ord3902
ord1044
ord4265
ord4583
ord1908
ord1698
ord2532
ord5710
ord4787
ord2059
ord4779
ord1003
ord560
ord2421
ord5980
ord2629
ord2784
ord4429
ord3630
ord3402
ord3419
ord6199
ord2922
ord4860
ord2923
ord2177
ord2135
ord1771
ord1562
ord5082
ord2655
ord1537
ord6131
ord528
ord984
ord525
ord551
ord6705
ord6708
ord2661
ord1263
ord1124
ord6418
ord999
ord4582
ord2898
ord443
ord4243
ord938
ord3829
ord6171
ord5932
ord6222
ord5950
ord1123
ord2782
ord625
ord568
ord1381
ord621
ord4602
ord1286
ord940
ord445
ord1384
ord1379
ord1365
ord3437
ord1383
ord4436
ord5949
ord1261
ord6632
ord4131
ord2783
ord5937
ord2795
ord2017
ord1264
ord3868
ord5227
ord5709
ord4722
ord4699
ord5352
ord5382
ord5304
ord5583
ord5585
ord5584
ord6886
ord5951
ord628
ord4027
ord1042
ord6021
ord4601
ord2781
ord1287
ord4521
ord3177
ord6614
ord620
ord626
ord2846
ord622
ord1259
ord1284
ord1262
ord2665
ord6887
ord337
ord624
ord1126
ord1122
ord1040
ord852
ord3761
ord4771
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5702
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1777
ord4365
ord6437
ord2517
ord5406
ord4721
ord5687
ord4557
ord2906
ord3234
ord2785
ord4623
ord1584

msvcrt

_wcsicmp
__CxxFrameHandler
wcscmp
_wtoi
wcscat
wcslen
memcpy
memset
exit
wcsncpy
_wtoi64
wcsrchr
swprintf
wcstol
free
towlower
malloc
_wcsnicmp
towupper
wcscpy
memcmp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UEAA@XZ
__set_app_type
_fmode
wcsncmp
wcschr
time
wcsstr
memmove
_wcslwr
atof
strchr
toupper
_purecall
__RTDynamicCast
__C_specific_handler
_XcptFilter
_c_exit
_exit
_cexit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode

advapi32

OpenSCManagerW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
EnumServicesStatusW
CloseServiceHandle
RegDeleteKeyW
GetUserNameW
CloseEventLog
ReadEventLogW
OpenEventLogW
RegCloseKey
RegEnumValueW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

kernel32

MoveFileW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryW
GetSystemWindowsDirectoryW
GetDriveTypeW
RemoveDirectoryW
DeleteFileW
CopyFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
GetLastError
CreateFileW
GetTickCount
GetSystemTimeAsFileTime
Sleep
GetModuleHandleW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
LocalAlloc
GetCurrentThreadId
LocalFree
GetFileAttributesW
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GetFileTime
GetWindowsDirectoryW
GetCurrentProcessId
CreateThread
GetShortPathNameW
ProcessIdToSessionId
GetVersionExW
CreateMutexW
OpenMutexW
GetCommandLineW
WaitForSingleObject
GetModuleFileNameW
OpenEventW
WriteFile
GetTempPathW
GetProcessTimes
OpenProcess
FreeLibrary
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
GetCurrentProcess

ntdll

NtCreateFile
NtOpenKey
RtlInitUnicodeString
NtOpenDirectoryObject
NtQueryDirectoryObject
NtClose
NtQueryDirectoryFile

gdi32

GetCurrentObject
SetTextColor
GetClipBox
CreateFontIndirectW
GetObjectW
CreatePen
GetTextMetricsW
GetPixel
Rectangle
CreatePatternBrush
GetStockObject
Ellipse
Escape
ExtTextOutW
TextOutW
BitBlt
RectVisible
PtVisible
PatBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
CreateSolidBrush
CreatePolygonRgn
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
DeleteDC
SelectObject
GetTextExtentPoint32W
DeleteObject
GetTextColor

user32

ReleaseDC
InvertRect
SetRect
GetWindowDC
OffsetRect
ClientToScreen
GetClientRect
GetWindowRect
LoadCursorW
LoadBitmapW
DestroyCursor
GetWindowLongPtrW
SendMessageW
UnhookWindowsHookEx
SetCursor
ReleaseCapture
GetParent
CallNextHookEx
PostMessageW
IsWindowVisible
PtInRect
EnumChildWindows
GetWindowLongW
WindowFromPoint
CallWindowProcW
SetWindowsHookExW
SetCapture
SetWindowLongPtrW
SetWindowLongW
SetWindowPos
MoveWindow
GetDC
CreateWindowExW
SetFocus
ScreenToClient
GetDlgItem
SetWindowTextW
GetWindow
ShowWindow
GetDlgCtrlID
SendDlgItemMessageW
MessageBoxW
EnableWindow
RegisterClipboardFormatW
DestroyWindow
SetWindowRgn
SetClassLongPtrW
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
GetAsyncKeyState
GetWindowThreadProcessId
GetForegroundWindow
KillTimer
SetTimer
SetLayeredWindowAttributes
RegisterClassExW
LoadIconW
DefWindowProcW
CopyRect
EnableMenuItem
GetSubMenu
BeginPaint
EndPaint
UpdateWindow
InvalidateRect
TabbedTextOutW
DrawTextW
GrayStringW
GetMessagePos
DeleteMenu
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
GetMenuItemCount
LoadMenuW
OpenClipboard
PeekMessageW
MsgWaitForMultipleObjects
SetMenuItemInfoW
GetMenuItemInfoW
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterWindowMessageW
SystemParametersInfoW
FindWindowW
CreatePopupMenu
AppendMenuW
SetMenuDefaultItem
GetMenuItemID
GetMenuStringW
InsertMenuW
ModifyMenuW
GetMenu
SetMenu
PostQuitMessage
wsprintfW
GetSystemMetrics
GetKeyState
FindWindowExW
GetClassNameW
EnumWindows
DestroyIcon
DrawStateW
GetSysColor
GetMenuItemRect
IsMenu
IsRectEmpty
GetDesktopWindow
IsWindow
GetSysColorBrush
GetIconInfo

psapi

GetModuleFileNameExW

shell32

SHGetPathFromIDListW
Shell_NotifyIconW
DragQueryFileW
ShellExecuteExW
ShellExecuteW
SHFileOperationW
ord165
SHGetFolderPathW
ExtractIconExW
SHBrowseForFolderW

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Remove

comdlg32

ChooseColorW
GetOpenFileNameW

gdiplus

GdiplusStartup
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream

wininet

InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

ole32

CoInitialize
CreateClassMoniker
GetRunningObjectTable
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance

sbiedll

SbieApi_GetWork
SbieDll_GetStartError
SbieDll_StartSbieSvc
SbieApi_FreeReply
SbieApi_GetVersion
SbieApi_CallServer
SbieDll_StartSbieDrv
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieApi_EnumBoxes
SbieApi_MonitorControl
SbieDll_KillAll
SbieApi_QueryConf
SbieApi_QueryBoxPath
SbieDll_TranslateNtToDosPath
SbieDll_GetAllUsersPath
SbieDll_GetUserPath
SbieDll_GetDrivePath
SbieApi_EnumProcessEx
SbieApi_QueryProcess
SbieApi_DisableForceProcess
SbieApi_Log
SbieApi_MonitorGet
SbieDll_GetLanguage
SbieDll_RunFromHome
SbieApi_CallZero
SbieDll_DeviceChange
SbieDll_GetTokenElevationType
SbieDll_KillOne
SbieDll_FormatMessage2
SbieDll_FormatMessage
SbieApi_SetLicense
SbieApi_GetLicense
SbieApi_ReloadConf

Sections

.text
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieDll.dll
.dll windows:5 windows x64 arch:x64

57e2d260dc13b065641527e431c6366a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a8:d7:b3:63:3c:bf:a6:6d:1d:52:94:d8:6b:b4:92:50:69:6d:12:38
Signer

Actual PE Digest

a8:d7:b3:63:3c:bf:a6:6d:1d:52:94:d8:6b:b4:92:50:69:6d:12:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\amd64\SbieDll.pdb

Imports

ntdll

NtQuerySecurityObject
NtDuplicateObject
NtOpenThread
NtOpenProcess
NtSetSecurityObject
RtlConvertSidToUnicodeString
NtSetInformationProcess
_strnicmp
isspace
NtSetInformationToken
NtAdjustPrivilegesToken
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
sprintf
_vsnprintf
RtlCreateProcessParameters
RtlFreeAnsiString
NtMapViewOfSection
LdrUnloadDll
NtLoadDriver
NtFlushInstructionCache
LdrQueryProcessModuleInformation
NtRaiseHardError
NtProtectVirtualMemory
NtDeleteKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtLoadKey
NtSetInformationKey
NtDeleteValueKey
NtQueryKey
NtCreatePort
NtConnectPort
NtImpersonateClientOfPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
NtOpenThreadToken
NtSetInformationThread
NtOpenProcessToken
NtDuplicateToken
NtQueryInformationToken
NtOpenDirectoryObject
__chkstk
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
strncmp
strchr
NtQueryAttributesFile
NtQueryInformationFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlSetCurrentDirectory_U
NtQueryVolumeInformationFile
RtlGetFullPathName_U
NtQuerySystemInformation
NtReadFile
NtWriteFile
NtDeleteFile
RtlQueryRegistryValues
NtDeviceIoControlFile
__C_specific_handler
NtCreateFile
NtQueryFullAttributesFile
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
_wtoi
NtOpenFile
NtQueryDirectoryFile
RtlCompareUnicodeString
wcsncpy
memcmp
_wcslwr
RtlFreeUnicodeString
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
_wcsicmp
LdrLoadDll
RtlInitString
LdrGetProcedureAddress
wcsstr
wcsrchr
iswctype
NtEnumerateKey
NtOpenKey
NtClose
NtCreateKey
NtSetValueKey
towlower
wcsncmp
memcpy
memset
wcschr
swprintf
_itow
memmove
RtlInitUnicodeString
NtQueryValueKey
NtQueryInformationProcess
_wcsnicmp

kernel32

GetWindowsDirectoryW
HeapDestroy
GlobalSize
GetTempPathW
CreateDirectoryW
WriteFile
GlobalAlloc
SearchPathW
CreateFileA
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
ReadFile
GetVersionExW
FormatMessageW
SetLocaleInfoW
SetLocaleInfoA
OpenProcess
GetLongPathNameW
GetFileAttributesW
OpenFileMappingW
MapViewOfFile
OpenMutexW
CreateMutexW
ReleaseMutex
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
LoadLibraryA
GetSystemInfo
SetThreadPriority
ResumeThread
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
GetConsoleWindow
SetConsoleTitleA
SetConsoleTitleW
GetConsoleTitleA
GetConsoleTitleW
CreateEventW
CreateThread
WaitForMultipleObjects
FindResourceW
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
WaitNamedPipeW
MoveFileWithProgressW
DefineDosDeviceW
DefineDosDeviceA
TryEnterCriticalSection
CreateFileW
GetCurrentThread
QueueUserAPC
GetSystemTimeAsFileTime
InitializeCriticalSection
GetTickCount
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentProcessId
VirtualProtect
GetSystemWindowsDirectoryW
GetCommandLineW
ExitProcess
Sleep
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateProcessW
WaitForSingleObject
CloseHandle
LocalAlloc
LocalFree
ExpandEnvironmentStringsW
RaiseException
FreeLibrary
OutputDebugStringW
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetLastError
HeapCreate

Exports

Exports

SbieApi_CallServer
SbieApi_CallZero
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_FreeReply
SbieApi_GetFileName
SbieApi_GetLicense
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetWork
SbieApi_HookTramp
SbieApi_Log
SbieApi_LogEx
SbieApi_MonitorControl
SbieApi_MonitorGet
SbieApi_MonitorPut
SbieApi_PortName
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SetLicense
SbieApi_SetUserName
SbieApi_StartProcess
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_GetAllUsersPath
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetSetDeviceMap
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_GetUserPath
SbieDll_Hook
SbieDll_InitPStore
SbieDll_InitProcess
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_KillAll
SbieDll_KillOne
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieDrv
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
_CorExeMain
_CorImageUnloading
_CorValidateImage

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDllX.dll
.dll windows:5 windows x86 arch:x86

2c65fbe5ab2cb7e6d741c086dca55aec

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:b5:46:ba:d2:e9:9f:df:14:2c:e8:d8:18:19:b9:9e:3f:1f:9b:b0
Signer

Actual PE Digest

3e:b5:46:ba:d2:e9:9f:df:14:2c:e8:d8:18:19:b9:9e:3f:1f:9b:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\i386\SbieDll.pdb

Imports

ntdll

_strnicmp
isspace
NtSetInformationProcess
RtlUnwind
NtQueryVirtualMemory
RtlConvertSidToUnicodeString
NtQueryInformationProcess
NtOpenProcess
NtOpenThread
NtDuplicateObject
NtQuerySecurityObject
NtSetSecurityObject
NtSetInformationToken
NtAdjustPrivilegesToken
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
sprintf
_vsnprintf
RtlCreateProcessParameters
LdrGetProcedureAddress
RtlFreeAnsiString
LdrLoadDll
LdrUnloadDll
NtLoadDriver
NtMapViewOfSection
NtFlushInstructionCache
LdrQueryProcessModuleInformation
NtRaiseHardError
NtProtectVirtualMemory
NtDeleteKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtLoadKey
NtSetInformationKey
NtDeleteValueKey
NtQueryKey
NtCreatePort
NtConnectPort
NtImpersonateClientOfPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
NtOpenThreadToken
NtSetInformationThread
NtOpenProcessToken
NtDuplicateToken
NtQueryInformationToken
NtOpenDirectoryObject
RtlUnicodeStringToAnsiString
RtlInitString
RtlAnsiStringToUnicodeString
strncmp
strchr
NtQueryAttributesFile
NtQueryInformationFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlSetCurrentDirectory_U
NtQueryVolumeInformationFile
RtlGetFullPathName_U
NtQuerySystemInformation
NtReadFile
NtWriteFile
NtDeleteFile
RtlQueryRegistryValues
NtDeviceIoControlFile
NtCreateFile
NtQueryFullAttributesFile
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
_wtoi
NtOpenFile
NtQueryDirectoryFile
RtlCompareUnicodeString
wcsncpy
_wcslwr
RtlFreeUnicodeString
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
_wcsicmp
wcsstr
wcsrchr
iswctype
NtEnumerateKey
NtOpenKey
NtClose
NtCreateKey
NtSetValueKey
towlower
wcsncmp
wcscat
wcschr
swprintf
_itow
wcscpy
wcslen
memmove
RtlInitUnicodeString
NtQueryValueKey
wcscmp
_wcsnicmp

kernel32

GetWindowsDirectoryW
HeapDestroy
GlobalSize
GetTempPathW
CreateDirectoryW
WriteFile
GlobalAlloc
SearchPathW
CreateFileA
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
ReadFile
GetVersionExW
FormatMessageW
SetLocaleInfoW
SetLocaleInfoA
OpenProcess
GetLongPathNameW
GetFileAttributesW
MapViewOfFile
OpenFileMappingW
OpenMutexW
CreateMutexW
ReleaseMutex
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
LoadLibraryA
InterlockedExchange
GetSystemInfo
SetThreadPriority
ResumeThread
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
GetConsoleWindow
SetConsoleTitleA
SetConsoleTitleW
GetConsoleTitleA
GetConsoleTitleW
CreateEventW
CreateThread
WaitForMultipleObjects
FindResourceW
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
WaitNamedPipeW
MoveFileWithProgressW
DefineDosDeviceW
DefineDosDeviceA
TryEnterCriticalSection
CreateFileW
GetCurrentThread
QueueUserAPC
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
InitializeCriticalSection
GetTickCount
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetCommandLineW
Sleep
ExitProcess
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateProcessW
WaitForSingleObject
CloseHandle
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsW
RaiseException
FreeLibrary
OutputDebugStringW
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetLastError
HeapCreate

Exports

Exports

SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetVersion
SbieApi_Log
SbieApi_LogEx
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieDll_Hook
SbieDll_KillAll
SbieDll_KillOne
SbieDll_RegisterDllCallback
SbieDll_StartBoxedService
_SbieApi_CallServer@4
_SbieApi_CallZero@4
_SbieApi_CheckInternetAccess@12
_SbieApi_DisableForceProcess@8
_SbieApi_EnumBoxes@8
_SbieApi_EnumProcessEx@16
_SbieApi_FreeReply@4
_SbieApi_GetFileName@12
_SbieApi_GetLicense@4
_SbieApi_GetUnmountHive@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
_SbieApi_HookTramp@8
_SbieApi_MonitorControl@8
_SbieApi_MonitorGet@8
_SbieApi_MonitorPut@8
_SbieApi_PortName@0
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryPathList@12
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_SetLicense@8
_SbieApi_SetLsaAuthPkg@8
_SbieApi_SetUserName@8
_SbieApi_StartProcess@8
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_ComCreateProxy@16
_SbieDll_ComCreateStub@16
_SbieDll_DeviceChange@8
_SbieDll_DisableElevationHook@0
_SbieDll_ExpandAndRunProgram@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_GetAllUsersPath@0
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetServiceRegistryValue@12
_SbieDll_GetSetDeviceMap@4
_SbieDll_GetStartError@0
_SbieDll_GetTokenElevationType@0
_SbieDll_GetUserPath@0
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_InitProcess@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsOpenCOM@0
_SbieDll_IsOpenClsid@12
_SbieDll_KillAll@8
_SbieDll_KillOne@4
_SbieDll_RegisterDllCallback@4
_SbieDll_RunFromHome@16
_SbieDll_StartBoxedService@8
_SbieDll_StartCOM@4
_SbieDll_StartSbieDrv@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys
.sys windows:5 windows x64 arch:x64

e898401f20c5d4031915eff002225bc8

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:21:66:44:43:8e:38:c1:cc:66:19:e6:aa:50:8e:5b:53:63:a9:d2
Signer

Actual PE Digest

e3:21:66:44:43:8e:38:c1:cc:66:19:e6:aa:50:8e:5b:53:63:a9:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\core\drv\obj\amd64\SbieDrv.pdb

Imports

ntoskrnl.exe

ProbeForRead
ExGetPreviousMode
ProbeForWrite
ZwClose
ZwSetEvent
ZwOpenEvent
RtlInitUnicodeString
wcsncpy
ExRaiseStatus
IoCreateDevice
IoDeleteDevice
wcsncmp
RtlFreeUnicodeString
RtlCompareUnicodeString
wcschr
_wcsicmp
_wcsnicmp
ExAcquireResourceSharedLite
KeDelayExecutionThread
RtlQueryRegistryValues
swprintf
_itow
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnicodeStringToInteger
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
PsGetVersion
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlCreateAcl
ObfDereferenceObject
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcsrchr
ZwQueryValueKey
ZwOpenKey
MmGetSystemRoutineAddress
ZwWriteFile
ZwSetInformationFile
sprintf
IoFileObjectType
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
PsLookupThreadByThreadId
ZwQuerySystemInformation
PsGetCurrentProcessId
ZwOpenThread
ZwAllocateVirtualMemory
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeSetImportanceDpc
KeBugCheckEx
KeQueryActiveProcessors
PsGetCurrentThreadId
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
PsRemoveCreateThreadNotifyRoutine
PsSetCreateThreadNotifyRoutine
IoIs32bitProcess
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
ZwWaitForSingleObject
ZwUnloadKey
ExInitializeResourceLite
ExDeleteResourceLite
IoCreateFile
ZwReadFile
wcsstr
_wcslwr
ZwCreateDirectoryObject
ZwOpenProcess
ZwCreateSymbolicLinkObject
ZwLoadKey
ZwYieldExecution
CmUnRegisterCallback
RtlTimeToTimeFields
ZwSetValueKey
ZwCreateKey
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
DbgPrint
ObQueryNameString
PsSetLoadImageNotifyRoutine
RtlInt64ToUnicodeString
PsLookupProcessByProcessId
ZwQueryInformationProcess
PsSetCreateProcessNotifyRoutine
strncmp
ZwSetSecurityObject
ZwQueryInformationToken
PsGetProcessId
RtlAddAccessAllowedAce
ZwSetInformationProcess
IoGetCurrentProcess
ZwOpenProcessToken
IoThreadToProcess
NtDuplicateObject
SeSinglePrivilegeCheck
PsThreadType
PsProcessType
SeQueryInformationToken
SeTokenIsAdmin
PsReferencePrimaryToken
ZwOpenThreadToken
RtlConvertSidToUnicodeString
__C_specific_handler
IofCompleteRequest
ExReleaseResourceLite
KeInitializeDpc
ExAcquireResourceExclusiveLite

fltmgr.sys

FltRegisterFilter
FltStartFiltering
FltUnregisterFilter
FltSetCallbackDataDirty

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INITDATA
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:5 windows x64 arch:x64

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:e5:00:f2:54:21:95:26:e8:29:9f:12:7a:de:9d:06:4d:3b:44:36
Signer

Actual PE Digest

df:e5:00:f2:54:21:95:26:e8:29:9f:12:7a:de:9d:06:4d:3b:44:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\msgs\obj\amd64\SbieMsg.pdb

Sections

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:5 windows x64 arch:x64

a8f81422862eac91e03ebd4b3fe8799a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:10:18:8c:98:5d:74:20:7c:cf:7a:db:cd:87:78:f0:cd:80:ac:ff
Signer

Actual PE Digest

97:10:18:8c:98:5d:74:20:7c:cf:7a:db:cd:87:78:f0:cd:80:ac:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\core\svc\obj\amd64\SbieSvc.pdb

Imports

msvcrt

strtol
wcstol
isspace
_strnicmp
wcsrchr
_stricmp
memmove
sprintf
_wcsnicmp
memcmp
towlower
_itow
_wcslwr
wcschr
_wcsicmp
__C_specific_handler
wcsstr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
strchr
_initterm
_XcptFilter
_c_exit
_exit
__set_app_type
_fmode
_commode
__setusermatherr
memcpy
__getmainargs
_acmdln
exit
_cexit

advapi32

SetServiceStatus
SetThreadToken
DuplicateToken
DuplicateTokenEx
GetLengthSid
AddAccessAllowedAce
SetTokenInformation
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
RegOpenCurrentUser
RegOpenUserClassesRoot
RegOpenKeyExW
RegCloseKey
OpenThreadToken
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CheckTokenMembership
FreeSid
CreateProcessAsUserW
ConvertStringSidToSidW
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetEntriesInAclW
SetSecurityDescriptorDacl
OpenProcessToken
OpenEventLogW
ReportEventW
ControlService
OpenServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
GetTokenInformation

kernel32

UnmapViewOfFile
TryEnterCriticalSection
DeleteCriticalSection
GlobalAlloc
GlobalLock
CreateMutexW
OpenEventW
GlobalUnlock
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
GlobalFree
GetModuleFileNameW
ReadProcessMemory
WriteProcessMemory
DuplicateHandle
CreateProcessW
OpenMutexW
MulDiv
VirtualAlloc
ExitProcess
RaiseException
VirtualFree
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
OutputDebugStringW
EnterCriticalSection
GetLastError
QueueUserWorkItem
Sleep
ProcessIdToSessionId
GetCommandLineW
CloseHandle
HeapAlloc
GetProcessHeap
GetCurrentProcess
HeapFree
SetLastError
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
HeapDestroy
HeapCreate
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
SetEvent
GetProcessTimes
OpenProcess
OpenThread
GetProcAddress
GetModuleHandleW
CreateEventW
SetThreadPriority
GetCurrentThread
CreateThread
LocalFree
WriteFile
SetFilePointer
CreateFileW
GetLocalTime
LocalAlloc
TerminateProcess
InitializeCriticalSection
GetVersionExW
GetTickCount
GetWindowsDirectoryW
DeleteFileW
SetEndOfFile
LoadLibraryW
SetFileAttributesW
GetFileAttributesW
HeapReAlloc
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
CancelIo
CopyFileW

ntdll

NtClose
NtSetInformationThread
NtDuplicateToken
NtFilterToken
RtlInitUnicodeString
NtLoadDriver
NtOpenKey
NtUnloadKey
NtLoadKey
NtCreateFile
NtWriteFile
NtReadFile
NtQueryInformationFile
NtQueryDirectoryFile
NtQueryKey
NtSetInformationFile
NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken
NtCompleteConnectPort
NtAcceptConnectPort
NtImpersonateClientOfPort
NtReplyWaitReceivePort
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtQueryFullAttributesFile
NtCreatePort

gdi32

GetDeviceCaps
SelectObject
SetTextColor
SetBkColor
CreateSolidBrush
CreateFontW
TextOutW

user32

CreateWindowExW
ShowWindow
GetMessageW
DispatchMessageW
DefWindowProcW
BeginPaint
EndPaint
wsprintfW
RegisterClassW

setupapi

CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_Alias_ExW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
SetupDiBuildClassInfoList
SetupDiClassNameFromGuidExW
CM_Get_Device_ID_ListW

crypt32

CryptUnprotectData
CryptProtectData

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoMarshalInterface
CoCopyProxy
CoSetProxyBlanket
CoQueryProxyBlanket
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetClassObject
CoTaskMemFree

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

sbiedll

SbieApi_GetVersion
SbieApi_LogEx
SbieApi_GetUnmountHive
SbieApi_EnumProcessEx
SbieApi_SetUserName
SbieDll_FormatMessage2
SbieDll_GetServiceRegistryValue
SbieApi_QueryProcess
SbieDll_RunFromHome
SbieApi_GetWork
SbieApi_CallZero
SbieApi_Log
SbieApi_PortName
SbieApi_QueryConf
SbieApi_ReloadConf
SbieApi_QueryProcessPath
SbieDll_FormatMessage0
SbieDll_ComCreateStub
SbieDll_IsOpenClsid
SbieApi_CheckInternetAccess

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:5 windows x64 arch:x64

053ba7298d9d50b4f1be9a01a4beb56d

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:4a:79:60:b4:19:e8:93:dd:0e:44:82:16:93:38:4c:ef:4c:0b:3f
Signer

Actual PE Digest

30:4a:79:60:b4:19:e8:93:dd:0e:44:82:16:93:38:4c:ef:4c:0b:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\start\obj\amd64\Start.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

CloseHandle
OpenMutexW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapReAlloc
Sleep
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetEnvironmentVariableW
GetFullPathNameW
GetExitCodeProcess
WaitForSingleObject
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateEventW
ProcessIdToSessionId
__C_specific_handler
GetStdHandle
WriteFile
SetLastError
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
GetLastError
HeapDestroy
FormatMessageW
HeapCreate

ntdll

wcscpy
NtTerminateProcess
NtTerminateThread
NtQueryInformationFile
NtSetInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtClose
memmove
wcscmp
iswctype
_wtoi
wcschr
wcsncmp
wcslen
memcpy
wcsncpy
strcmp
towlower
sprintf
strlen
_wcsnicmp
wcsrchr
_wcsicmp
memset
wcscat
__chkstk

gdi32

CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
PatBlt
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW

user32

SendDlgItemMessageW
KillTimer
EnableWindow
GetSysColorBrush
GetSysColor
GetDlgItem
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
ScreenToClient
MoveWindow
SetDlgItemTextW
GetWindowTextW
ClientToScreen
GetSystemMetrics
GetDesktopWindow
GetClientRect
DestroyIcon
DrawIconEx
GetDC
CreateMenu
InsertMenuItemW
GetMenuItemCount
SetMenuInfo
DefWindowProcW
GetMenuInfo
DestroyMenu
DestroyWindow
TrackPopupMenu
RegisterClassW
CreatePopupMenu
ExitWindowsEx
ShowWindow
SetFocus
EndDialog
SetWindowPos
SendMessageW
SetTimer
wsprintfW
MessageBoxW
GetAsyncKeyState

shlwapi

SHAutoComplete
AssocQueryStringW

shell32

ExtractIconExW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

SbieApi_FreeReply
SbieApi_CallServer
SbieDll_StartSbieSvc
SbieDll_StartSbieDrv
SbieApi_EnumProcessEx
SbieApi_SetLicense
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_GetLanguage
SbieApi_QueryConf
SbieDll_RunFromHome
SbieApi_QueryProcess
SbieDll_InitProcess
SbieDll_GetSetDeviceMap
SbieApi_StartProcess
SbieDll_FormatMessage1
SbieDll_StartCOM
SbieApi_DisableForceProcess
SbieDll_KillAll
SbieApi_ReloadConf
SbieDll_DisableElevationHook
SbieDll_InitPStore
SbieDll_GetTokenElevationType
SbieApi_EnumBoxes
SbieApi_QueryBoxPath
SbieDll_TranslateNtToDosPath
SbieDll_IsDirectory

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Templates.ini
Sandboxie 沙盘 V3.45.20 Beta 绿色免费版/keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 25KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZWT
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:fa:0e:5f:a5Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

8b:80:bc:2d:98:2d:84:50:91:dd:6c:0f:33:dd:66:14:e2:30:aa:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 24KB - Virtual size: 23KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

611d917a938d9ceec280707166252976

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:fa:0e:5f:a5Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

b4:4f:9b:99:cf:a1:cf:0d:7f:c2:52:7e:bd:11:80:98:83:5f:41:d2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

8b:80:bc:2d:98:2d:84:50:91:dd:6c:0f:33:dd:66:14:e2:30:aa:8f
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

b4:4f:9b:99:cf:a1:cf:0d:7f:c2:52:7e:bd:11:80:98:83:5f:41:d2
Signer

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 860B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

00:ab:06:55:dc:bc:9a:c9:1c:e7:8d:d1:b7:78:a1:d6:8b:22:ed:98
Signer

.text
Size: 512B - Virtual size: 147B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 512B - Virtual size: 8B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate