ImDiskTk-x64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ImDiskTk-x64.zip
Size

691KB
MD5

180e502c0d441861f01b532d2072e512
SHA1

de4fae36103625fd0f80355daa5e83a68d0a16a7
SHA256

fd5a32b7b6396ec6b23d6743e375b9d0f6c40c4f1fab166d8e89a870555a4c57
SHA512

9af6a1265e4a92d5dbb193daece0c51e6cad55c86bd9ccf52f76b09396bac35b1a6b4542ac0fd6259014ac29012d467e4ed630f75a863687255d5053d2a423f5
SSDEEP

12288:EscD2uBGvB6dZmvlruAioyKX4Kmulm69VuE+bSq8YJLnH7gG5rTVublN4p7+/Ni0:ExBlzuruIo8Q69+SuJAGdTYblK9aN/sg

Score

3^/10

Malware Config

Signatures

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack002/DiscUtils/DevioNet.dll
unpack002/DiscUtils/DiscUtils.Core.dll
unpack002/DiscUtils/DiscUtils.Dmg.dll
unpack002/DiscUtils/DiscUtils.Streams.dll
unpack002/DiscUtils/DiscUtils.Vdi.dll
unpack002/DiscUtils/DiscUtils.Vhd.dll
unpack002/DiscUtils/DiscUtils.Vhdx.dll
unpack002/DiscUtils/DiscUtils.Vmdk.dll
unpack002/DiscUtils/DiscUtils.Xva.dll
unpack002/DiscUtils/DiscUtilsDevio.exe
unpack002/DiscUtils/ImDiskNet.dll
unpack002/DiscUtils/LTRData.Extensions.dll
unpack002/DiscUtils/lzfse-net.dll
unpack002/DiscUtils/lzfse.dll
unpack002/ImDisk-Dlg.exe
unpack002/ImDiskTk-svc.exe
unpack002/MountImg.exe
unpack002/RamDiskUI.exe
unpack002/RamDyn.exe
unpack002/config.exe

Files

ImDiskTk-x64.zip
.zip
ImDiskTk20240210/files.cab
.cab
DiscUtils/DevioNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\src\imdisk\ImDiskNet\DevioNet\obj\Release\net48\DevioNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtils.Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/DiscUtils/Library/DiscUtils.Core/obj/Release/net48/DiscUtils.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtils.Dmg.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/DiscUtils/Library/DiscUtils.Dmg/obj/Release/net48/DiscUtils.Dmg.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtils.Streams.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/DiscUtils/Library/DiscUtils.Streams/obj/Release/net48/DiscUtils.Streams.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtils.Vdi.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/DiscUtils/Library/DiscUtils.Vdi/obj/Release/net48/DiscUtils.Vdi.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtils.Vhd.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/DiscUtils/Library/DiscUtils.Vhd/obj/Release/net48/DiscUtils.Vhd.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtils.Vhdx.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/DiscUtils/Library/DiscUtils.Vhdx/obj/Release/net48/DiscUtils.Vhdx.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtils.Vmdk.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/DiscUtils/Library/DiscUtils.Vmdk/obj/Release/net48/DiscUtils.Vmdk.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtils.Xva.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/DiscUtils/Library/DiscUtils.Xva/obj/Release/net48/DiscUtils.Xva.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtilsDevio.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\src\imdisk\ImDiskNet\DiscUtilsDevio\obj\Release\net48\DiscUtilsDevio.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/DiscUtilsDevio.exe.config
.xml
DiscUtils/ImDiskNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\src\imdisk\ImDiskNet\ImDiskNet\obj\Release\net48\ImDiskNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/LTRData.Extensions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/home/olof/src/Library/LTRData.Extensions/obj/Release/net48/LTRData.Extensions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/Microsoft.Bcl.HashCode.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:4b:a2:41:14:22:a9:b2:95:0a:03:cf:6b:10:ac:33:18:a3:e3:b3:29:5f:de:d3:ce:0d:14:ab:31:da:59:c6
Signer

Actual PE Digest

cc:4b:a2:41:14:22:a9:b2:95:0a:03:cf:6b:10:ac:33:18:a3:e3:b3:29:5f:de:d3:ce:0d:14:ab:31:da:59:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/Microsoft.Bcl.HashCode/net461-Release/Microsoft.Bcl.HashCode.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/System.Buffers.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62
Signer

Actual PE Digest

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/System.Memory.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27
Signer

Actual PE Digest

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/System.Numerics.Vectors.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6
Signer

Actual PE Digest

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6

Digest Algorithm

sha256

PE Digest Matches

true

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d
Signer

Actual PE Digest

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/System.Runtime.CompilerServices.Unsafe.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:84:6c:5c:c9:e6:39:56:a6:5f:23:06:01:58:8b:e1:ae:37:c4:fe:71:62:f4:b5:f7:ae:87:52:ec:0c:f4:30
Signer

Actual PE Digest

10:84:6c:5c:c9:e6:39:56:a6:5f:23:06:01:58:8b:e1:ae:37:c4:fe:71:62:f4:b5:f7:ae:87:52:ec:0c:f4:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/System.Threading.Tasks.Extensions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:fb:83:40:c8:c2:8e:cb:07:b8:6a:f1:de:5f:60:bf:04:02:39:30:51:4d:e3:8a:90:db:7a:5d:d3:4f:71:f0
Signer

Actual PE Digest

da:fb:83:40:c8:c2:8e:cb:07:b8:6a:f1:de:5f:60:bf:04:02:39:30:51:4d:e3:8a:90:db:7a:5d:d3:4f:71:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/System.ValueTuple.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c0:de:2c:3d:07:94:e4:49:79:00:00:00:00:00:c0
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:7AB5-2DF2-DA3F,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:37:69:30:cf:c4:bf:17:93:07:4e:1a:10:f5:a8:79:e8:8f:5f:58:7c:25:a7:a1:5a:95:50:d7:24:03:73:42
Signer

Actual PE Digest

d4:37:69:30:cf:c4:bf:17:93:07:4e:1a:10:f5:a8:79:e8:8f:5f:58:7c:25:a7:a1:5a:95:50:d7:24:03:73:42

Digest Algorithm

sha256

PE Digest Matches

true

78:b3:c4:5e:5b:a3:f6:32:6e:9b:44:3e:33:4f:0e:39:8c:1c:4a:00
Signer

Actual PE Digest

78:b3:c4:5e:5b:a3:f6:32:6e:9b:44:3e:33:4f:0e:39:8c:1c:4a:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.ValueTuple/net47\System.ValueTuple.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/lzfse-net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\src\lzfse-net\obj\Release\net45\lzfse-net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscUtils/lzfse.dll
.dll windows:6 windows x86 arch:x86

ed8d79bd816de84e10d4a26c3b74545c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vcpkg\buildtrees\lzfse\x86-windows-rel\lzfse.pdb

Imports

vcruntime140

memcpy
__std_type_info_destroy_list
_except_handler4_common
memset

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table

kernel32

GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
IsProcessorFeaturePresent
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess

Exports

Exports

lzfse_decode_buffer
lzfse_decode_scratch_size
lzfse_encode_buffer
lzfse_encode_scratch_size

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImDisk Virtual Disk Driver.lnk
.lnk
ImDisk-Dlg.exe
.exe windows:4 windows x64 arch:x64

2c85e447a873272d0f39e7a1c04dce1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

comdlg32

GetSaveFileNameW

kernel32

CloseHandle
CreateFileW
CreateThread
DeleteFileW
DeviceIoControl
ExitProcess
FlushFileBuffers
FormatMessageW
GetCommandLineW
GetDriveTypeW
GetFileSizeEx
GetLastError
GetModuleHandleW
GetProcAddress
LoadLibraryA
ReadFile
SetCurrentDirectoryW
SetFilePointerEx
Sleep
VirtualAlloc
WriteFile

msvcrt

_i64tow
_snwprintf
_wtoi64
wcscmp
wcslen
wcsncmp
wcsstr
wcstok

shell32

CommandLineToArgvW

shlwapi

PathRemoveFileSpecW

user32

BeginPaint
CreateDialogParamW
DialogBoxParamW
DrawIcon
EnableWindow
EndDialog
EndPaint
GetDlgItem
GetDlgItemTextW
IsDlgButtonChecked
LoadImageW
MapDialogRect
MessageBeep
MessageBoxW
SendMessageTimeoutW
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetFocus
SetTimer
SetWindowTextW
ShowWindow

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImDiskTk-svc.exe
.exe windows:4 windows x64 arch:x64

4661139f8538279dc2bf0f7a3e7954a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

kernel32

BackupRead
BackupWrite
CloseHandle
CreateDirectoryW
CreateEventW
CreateFileW
CreateThread
DeleteFileW
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
GetCurrentProcess
GetDateFormatW
GetFileAttributesW
GetLastError
GetLogicalDrives
GetProcAddress
GetTimeFormatW
GetVersionExW
GetVolumeInformationW
LoadLibraryA
RemoveDirectoryW
SetEvent
SetFileAttributesW
VirtualAlloc
WaitForSingleObject
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW

ntdll

NtQueryInformationFile
NtSetInformationFile

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MountImg.exe
.exe windows:4 windows x64 arch:x64

e54f05640e728279476bfb2c23adc9f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
CreateProcessAsUserW
CreateServiceW
DeleteService
GetTokenInformation
OpenSCManagerW
OpenServiceW
RegCloseKey
RegCreateKeyExA
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

comdlg32

GetOpenFileNameW

kernel32

CloseHandle
CreateFileW
CreateMutexW
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteFileW
DeviceIoControl
ExitProcess
FindClose
FindFirstFileW
GetCommandLineW
GetExitCodeProcess
GetFileAttributesExW
GetFileSizeEx
GetFullPathNameW
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetVersionExW
GetVolumeInformationW
GlobalAlloc
GlobalFree
LoadLibraryA
OpenSemaphoreA
ReadFile
ReleaseMutex
ReleaseSemaphore
SetCurrentDirectoryW
SetEndOfFile
SetFilePointerEx
Sleep
VirtualAlloc
WTSGetActiveConsoleSessionId
WaitForSingleObject

msvcrt

_snwprintf
_wcsicmp
_wcsnicmp
_wtoi
_wtoi64
setlocale
wcscat
wcscmp
wcscpy
wcslen
wcsncpy
wcsstr
wcstok

shell32

CommandLineToArgvW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHFormatDrive
SHGetPathFromIDListW
ShellExecuteW

shlwapi

PathAddBackslashW
PathFileExistsW
PathFindExtensionW
PathIsDirectoryEmptyW
PathIsDirectoryW
PathQuoteSpacesW
PathRemoveBackslashW
PathRemoveFileSpecW

user32

BeginPaint
CheckDlgButton
CheckRadioButton
CreateWindowExW
DialogBoxParamW
DrawIcon
EnableWindow
EndDialog
EndPaint
FindWindowW
GetComboBoxInfo
GetDlgItem
GetDlgItemInt
GetDlgItemTextW
IsDlgButtonChecked
LoadImageW
MapDialogRect
MessageBeep
MessageBoxA
MessageBoxW
SendMessageW
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetTimer
SetWindowTextW
ShowWindow

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 55B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RamDiskUI.exe
.exe windows:4 windows x64 arch:x64

97714330023a50ba891abbf00dab4728

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
ControlService
CreateProcessAsUserW
CreateServiceW
CreateWellKnownSid
DeleteService
GetTokenInformation
InitializeSecurityDescriptor
LookupPrivilegeValueW
LsaAddAccountRights
LsaClose
LsaOpenPolicy
OpenProcessToken
OpenSCManagerW
OpenServiceW
RegCloseKey
RegCreateKeyExA
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetEntriesInAclW
SetSecurityDescriptorDacl
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

comctl32

PropertySheetW

comdlg32

GetOpenFileNameW

gdi32

CreateSolidBrush
DeleteObject
Ellipse
SelectObject

kernel32

CloseHandle
CreateDirectoryW
CreateEventA
CreateFileW
CreateProcessW
CreateThread
DefineDosDeviceW
DeviceIoControl
ExitProcess
FindClose
FindFirstFileW
FormatMessageW
GetCommandLineW
GetCurrentProcess
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
GetTempPathW
GetVersionExW
GetVolumeInformationW
LoadLibraryA
LocalFree
OpenEventA
ReadFile
SetCurrentDirectoryW
SetEvent
SetVolumeLabelW
Sleep
VirtualAlloc
WTSGetActiveConsoleSessionId
WaitForSingleObject

msvcrt

_snwprintf
_wtoi
wcscat
wcscmp
wcscpy
wcslen
wcsncmp
wcsstr
wcstok

ntdll

RtlDosPathNameToNtPathName_U

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW

shlwapi

PathAddBackslashW
PathFileExistsW
PathIsDirectoryEmptyW
PathQuoteSpacesW
PathRemoveBackslashW
PathRemoveFileSpecW

user32

BeginPaint
CheckDlgButton
CheckRadioButton
CreateWindowExW
DialogBoxParamW
DrawIcon
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
GetComboBoxInfo
GetDlgItem
GetDlgItemInt
GetDlgItemTextW
GetParent
GetWindowRect
IsDlgButtonChecked
LoadImageW
MapDialogRect
MessageBeep
MessageBoxA
MessageBoxW
RedrawWindow
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetWindowLongPtrW

wtsapi32

WTSQueryUserToken
WTSSendMessageA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RamDyn.exe
.exe windows:4 windows x64 arch:x64

5193f0c7f995800d056273cb31bd3296

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CreateWellKnownSid
InitializeSecurityDescriptor
LookupPrivilegeValueA
OpenProcessToken
SetEntriesInAclW
SetSecurityDescriptorDacl
SystemFunction036

kernel32

AllocateUserPhysicalPages
CreateEventA
CreateEventW
CreateFileMappingA
CreateFileW
CreateProcessW
CreateThread
ExitProcess
FlushFileBuffers
FreeUserPhysicalPages
GetCurrentProcess
GetCurrentProcessId
GetFileSizeEx
GetLastError
GetProcAddress
GetProcessWorkingSetSize
GetSystemInfo
GetTickCount
GlobalMemoryStatusEx
LoadLibraryA
MapUserPhysicalPages
MapViewOfFile
OpenEventW
ProcessIdToSessionId
ReadFile
SetFilePointerEx
SetProcessShutdownParameters
SetProcessWorkingSetSize
Sleep
VirtualLock
WTSGetActiveConsoleSessionId
WriteFile

msvcrt

__wgetmainargs
_snwprintf
_wtoi
_wtoi64
sprintf
wcslen

ntdll

NtAllocateVirtualMemory
NtClose
NtFreeVirtualMemory
NtFsControlFile
NtQueryVolumeInformationFile
NtSetEvent
NtSignalAndWaitForSingleObject
NtWaitForSingleObject

user32

CreateWindowExA
DefWindowProcW
DispatchMessageW
GetMessageW
MessageBoxA
RegisterClassA

wtsapi32

WTSSendMessageW

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config.exe
.exe windows:4 windows x64 arch:x64

bc099eb4adf260b54d8a1934b02e6f7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
CreateServiceW
CreateWellKnownSid
DeleteService
LookupPrivilegeValueW
LsaAddAccountRights
LsaOpenPolicy
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
StartServiceW

comdlg32

GetSaveFileNameW

gdi32

CreateFontIndirectA
CreateSolidBrush
SetBkColor

kernel32

CloseHandle
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
GetCurrentProcess
GetFileSizeEx
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetUserDefaultUILanguage
GetVersionExW
LoadLibraryA
MoveFileExW
ReadFile
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
Sleep
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile

msvcrt

_snwprintf
_wcsicmp
_wcsnicmp
puts
strcat
strcpy
wcscat
wcscmp
wcscpy
wcslen
wcsrchr
wcsstr
wcstok

ole32

CoCreateInstance
CoInitialize

setupapi

SetupPromptReboot

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteExW

shlwapi

PathAddBackslashW
PathFileExistsW
PathQuoteSpacesW
PathRemoveFileSpecW

user32

BeginPaint
CheckDlgButton
CreateWindowExW
DialogBoxParamW
DrawIcon
EnableWindow
EndDialog
EndPaint
GetDlgItem
GetDlgItemTextW
GetWindowRect
IsDlgButtonChecked
LoadImageW
MapDialogRect
MessageBeep
MessageBoxA
MessageBoxW
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetCursor
SetDlgItemTextW
SetFocus
SetWindowTextW
ShowWindow

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/awealloc/amd64/awealloc.sys
.sys windows:6 windows x64 arch:x64

e2c0e112b9171594fa2bc30bbc636b40

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:97:ff:03:63:d4:5e:6f:5b:b8:2c:2b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2021, 19:54

Not After

12/03/2022, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:e0:4d:f8:53:8d:82:35:3a:33:f7:68:47:77:e7:10:2d:06:65:5f:8e:e1:29:2c:37:20:f5:39:31:eb:f2:22
Signer

Actual PE Digest

98:e0:4d:f8:53:8d:82:35:3a:33:f7:68:47:77:e7:10:2d:06:65:5f:8e:e1:29:2c:37:20:f5:39:31:eb:f2:22

Digest Algorithm

sha256

PE Digest Matches

true

7c:34:77:0a:34:aa:da:d8:68:ab:4a:21:5e:af:10:d1:35:64:06:2c
Signer

Actual PE Digest

7c:34:77:0a:34:aa:da:d8:68:ab:4a:21:5e:af:10:d1:35:64:06:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\kod\imdisk\awealloc\amd64\awealloc.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWriteErrorLogEntry
IoDeleteSymbolicLink
ExFreePoolWithTag
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLock
MmResetDriverPaging
IoBuildPartialMdl
ZwReadFile
RtlInitUnicodeString
IoDeleteDevice
KeAcquireInStackQueuedSpinLock
MmAllocatePagesForMdl
IoFreeMdl
MmPageEntireDriver
IoAllocateErrorLogEntry
MmMapLockedPagesSpecifyCache
IoCreateUnprotectedSymbolicLink
ZwClose
IofCompleteRequest
RtlCompareMemory
MmFreePagesFromMdl
IoCreateDevice
ZwOpenFile
ZwQueryInformationFile
DbgPrint
IoAllocateMdl
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeBugCheckEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/cli/amd64/imdisk.exe
.exe windows:6 windows x64 arch:x64

c10e7590f23b589706cea845e71b518f

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:97:ff:03:63:d4:5e:6f:5b:b8:2c:2b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2021, 19:54

Not After

12/03/2022, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:78:cf:b3:5a:75:ea:8b:27:ed:dd:01:6a:8b:73:99:4f:ac:93:f5:e7:4e:6b:47:bd:44:e0:a3:ae:d6:38:89
Signer

Actual PE Digest

ed:78:cf:b3:5a:75:ea:8b:27:ed:dd:01:6a:8b:73:99:4f:ac:93:f5:e7:4e:6b:47:bd:44:e0:a3:ae:d6:38:89

Digest Algorithm

sha256

PE Digest Matches

true

c5:82:31:a4:5f:ce:89:56:42:0a:ca:93:88:de:88:83:25:66:b8:99
Signer

Actual PE Digest

c5:82:31:a4:5f:ce:89:56:42:0a:ca:93:88:de:88:83:25:66:b8:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\kod\imdisk\cli\amd64\imdisk.pdb

Imports

kernel32

ExitProcess
GetCommandLineW
CreateMutexW
GlobalMemoryStatus
CreateProcessW
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
FormatMessageA
WaitNamedPipeW
Sleep
CreateFileW
FlushFileBuffers
RaiseException
GetLastError
DefineDosDeviceW
QueryDosDeviceW
DeviceIoControl
ReleaseMutex
CloseHandle
LocalFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter

msvcrt

memset
malloc
memcpy
swscanf
wcstoul
_snwprintf
free
exit
wcstok
puts
_wcsupr
_iob
iswctype
fprintf
printf
fputs

user32

CharToOemA
MessageBoxA

shell32

CommandLineToArgvW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDosPathNameToNtPathName_U
NtClose
RtlFreeUnicodeString
RtlInitUnicodeString
RtlCreateUnicodeString

imdisk.cpl

ImDiskOpenDeviceByNumber
ImDiskNotifyRemovePending
ImDiskRemoveMountPoint
ImDiskNotifyShellDriveLetter
ImDiskCreateMountPoint
ImDiskFindFreeDriveLetter
ImDiskStartService
ImDiskOpenDeviceByMountPoint
ImDiskOpenDeviceByName
ImDiskForceRemoveDevice
ImDiskSaveRegistrySettings
ImDiskGetOffsetByFileExt
ImDiskGetSinglePartitionInformation
ImDiskGetDeviceListEx
ImDiskRemoveRegistrySettings

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/cli/i386/imdisk.exe
.exe windows:6 windows x86 arch:x86

3d7950192592b0d701e1d7cf00cff7be

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:97:ff:03:63:d4:5e:6f:5b:b8:2c:2b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2021, 19:54

Not After

12/03/2022, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:ae:38:7b:d0:b4:69:e7:fc:fa:e1:1a:29:04:f2:cf:5c:7c:64:4d:ee:27:6f:35:ac:a1:36:05:33:fa:b6:f5
Signer

Actual PE Digest

79:ae:38:7b:d0:b4:69:e7:fc:fa:e1:1a:29:04:f2:cf:5c:7c:64:4d:ee:27:6f:35:ac:a1:36:05:33:fa:b6:f5

Digest Algorithm

sha256

PE Digest Matches

true

88:15:86:0a:58:b7:92:27:9a:3c:34:a2:51:d3:f5:e4:2c:1f:42:ee
Signer

Actual PE Digest

88:15:86:0a:58:b7:92:27:9a:3c:34:a2:51:d3:f5:e4:2c:1f:42:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\kod\imdisk\cli\i386\imdisk.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetLastError
RaiseException
DeviceIoControl
QueryDosDeviceW
CreateProcessW
DefineDosDeviceW
ReleaseMutex
CloseHandle
WaitForSingleObject
CreateMutexW
GetVersion
CreateFileW
WaitNamedPipeW
Sleep
FlushFileBuffers
HeapFree
HeapAlloc
GetProcessHeap
GlobalMemoryStatus
ExitProcess
GetCommandLineW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter

msvcrt

printf
exit
fputs
_iob
fprintf
wcstok
swscanf
iswctype
wcstoul
_wcsupr
malloc
free
memcpy
puts
_snwprintf
memset

user32

CharToOemA
MessageBoxA

shell32

CommandLineToArgvW

ntdll

RtlInitUnicodeString
NtClose
RtlCreateUnicodeString
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlUnwind

imdisk.cpl

_ImDiskRemoveRegistrySettings@4
_ImDiskRemoveMountPoint@4
_ImDiskOpenDeviceByName@8
_ImDiskStartService@4
_ImDiskOpenDeviceByMountPoint@8
_ImDiskSaveRegistrySettings@4
_ImDiskFindFreeDriveLetter@0
_ImDiskGetSinglePartitionInformation@20
_ImDiskGetOffsetByFileExt@8
_ImDiskNotifyRemovePending@8
_ImDiskOpenDeviceByNumber@8
_ImDiskForceRemoveDevice@8
_ImDiskCreateMountPoint@8
_ImDiskNotifyShellDriveLetter@8
_ImDiskGetDeviceListEx@8

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/cpl/amd64/imdisk.cpl
.dll windows:6 windows x64 arch:x64

6d36ce58446379867364d6d6dad41787

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:97:ff:03:63:d4:5e:6f:5b:b8:2c:2b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2021, 19:54

Not After

12/03/2022, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:1d:1d:77:cb:20:a0:95:c0:07:6a:bf:11:d2:34:36:2b:b3:03:da:35:ba:07:0d:a1:a6:07:ea:ce:fd:08:c8
Signer

Actual PE Digest

fa:1d:1d:77:cb:20:a0:95:c0:07:6a:bf:11:d2:34:36:2b:b3:03:da:35:ba:07:0d:a1:a6:07:ea:ce:fd:08:c8

Digest Algorithm

sha256

PE Digest Matches

true

6e:99:70:b6:dd:c1:50:c4:f9:e2:cf:52:d3:02:c9:8d:26:91:68:6a
Signer

Actual PE Digest

6e:99:70:b6:dd:c1:50:c4:f9:e2:cf:52:d3:02:c9:8d:26:91:68:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

z:\kod\imdisk\cpl\amd64\imdisk.pdb

Imports

msvcrt

toupper
_iob
fprintf
fflush
_fgetchar
strchr
_fgetwchar
??2@YAPEAX_K@Z
wcstok
towupper
wcstod
??3@YAXPEAX@Z
_beginthreadex
wcsncat
wcstoul
strncat
malloc
free
wcsncmp
wcsrchr
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
memcpy
memset
wcschr
wcsncpy
_snwprintf
_wcsicmp
fwprintf

kernel32

LocalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetVolumeInformationW
DeleteFileW
WaitForMultipleObjects
QueryDosDeviceW
HeapSize
GetSystemDirectoryA
GetSystemDirectoryW
GetTickCount
SetEvent
WaitForSingleObject
HeapReAlloc
GetWindowsDirectoryW
SetCurrentDirectoryW
MultiByteToWideChar
GetDriveTypeA
CloseHandle
DeviceIoControl
CreateEventW
LocalAlloc
DefineDosDeviceW
VirtualAlloc
SetLastError
GetLastError
FlushFileBuffers
CreateFileW
ReadFile
FormatMessageW
Sleep
WriteFile
WaitNamedPipeW
FormatMessageA
GetProcessHeap
VirtualFree
GetLogicalDrives
HeapFree
GetCurrentProcess
HeapAlloc
SetEndOfFile
SetFilePointer
GetFileSize

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
OpenSCManagerW
OpenServiceW
RegSetValueExW
RegCloseKey
RegDeleteValueW
QueryServiceStatus
StartServiceW
CloseServiceHandle
RegDeleteKeyW
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExW
GetTokenInformation
RegCreateKeyW

user32

SetWindowTextW
GetPropW
CheckDlgButton
GetWindowTextLengthW
GetDlgItemInt
TrackPopupMenu
PostMessageW
GetSubMenu
GetParent
SetFocus
SetDlgItemInt
GetMenu
LoadIconW
GetAsyncKeyState
SetClassLongPtrW
EnableMenuItem
EndDialog
SendDlgItemMessageW
DispatchMessageW
IsDlgButtonChecked
DrawMenuBar
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
MapWindowPoints
EnableWindow
DestroyWindow
DialogBoxParamW
CreateDialogParamW
RemovePropW
SetPropW
TranslateMessage
IsDialogMessageW
PeekMessageW
GetDlgItem
ShowWindow
SendMessageTimeoutW
MessageBoxW

shell32

ShellExecuteA
SHFormatDrive
ShellExecuteW
SHChangeNotify

comctl32

ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ntdll

RtlInitUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
NtClose
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlCreateUnicodeString

Exports

Exports

CPlApplet
ImDiskAdjustImageFileSize
ImDiskAllocPrintF
ImDiskAllocPrintFA
ImDiskBuildMBR
ImDiskChangeFlags
ImDiskCheckDriverVersion
ImDiskConsoleMessageA
ImDiskConsoleMessageW
ImDiskConvertCHSToLBA
ImDiskConvertLBAToCHS
ImDiskCreateDevice
ImDiskCreateDeviceEx
ImDiskCreateMountPoint
ImDiskExtendDevice
ImDiskFindFreeDriveLetter
ImDiskFlushWindowMessages
ImDiskForceRemoveDevice
ImDiskGetAPIFlags
ImDiskGetDeviceList
ImDiskGetDeviceListEx
ImDiskGetFormattedGeometry
ImDiskGetFormattedGeometryIndirect
ImDiskGetOffsetByFileExt
ImDiskGetPartitionInfoIndirect
ImDiskGetPartitionInfoIndirectEx
ImDiskGetPartitionInformation
ImDiskGetPartitionInformationEx
ImDiskGetPartitionTypeName
ImDiskGetRegistryAutoLoadDevices
ImDiskGetSinglePartitionInfoIndirect
ImDiskGetSinglePartitionInformation
ImDiskGetVersion
ImDiskGetVolumeSize
ImDiskImageContainsISOFS
ImDiskImageContainsISOFSIndirect
ImDiskIsProcessElevated
ImDiskMsgBoxPrintF
ImDiskNativePathToWin32
ImDiskNotifyRemovePending
ImDiskNotifyShellDriveLetter
ImDiskOpenDeviceByMountPoint
ImDiskOpenDeviceByName
ImDiskOpenDeviceByNumber
ImDiskOpenRefreshEvent
ImDiskQueryDevice
ImDiskReadFileHandle
ImDiskRemoveDevice
ImDiskRemoveMountPoint
ImDiskRemoveRegistrySettings
ImDiskSaveImageFile
ImDiskSaveImageFileInteractive
ImDiskSaveRegistrySettings
ImDiskSetAPIFlags
ImDiskStartService
RunDLL_MountFile
RunDLL_MountFileW
RunDLL_RemoveDevice
RunDLL_SaveImageFile

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/cpl/i386/imdisk.cpl
.dll windows:6 windows x86 arch:x86

de388e455fb3d197d74a93e83581e5d4

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:97:ff:03:63:d4:5e:6f:5b:b8:2c:2b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2021, 19:54

Not After

12/03/2022, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:92:ba:b3:21:6e:36:bb:39:26:d1:8e:4d:6d:17:84:bc:91:3c:0f:c9:3a:e9:88:88:b6:e2:77:cb:ce:6d:51
Signer

Actual PE Digest

27:92:ba:b3:21:6e:36:bb:39:26:d1:8e:4d:6d:17:84:bc:91:3c:0f:c9:3a:e9:88:88:b6:e2:77:cb:ce:6d:51

Digest Algorithm

sha256

PE Digest Matches

true

29:93:44:f7:23:24:bb:eb:d9:5f:81:ef:ad:83:3a:0b:90:5c:b3:5d
Signer

Actual PE Digest

29:93:44:f7:23:24:bb:eb:d9:5f:81:ef:ad:83:3a:0b:90:5c:b3:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\kod\imdisk\cpl\i386\imdisk.pdb

Imports

msvcrt

_iob
fprintf
fflush
_fgetchar
toupper
strchr
??2@YAPAXI@Z
_beginthreadex
strncat
wcsncat
??3@YAXPAX@Z
_fgetwchar
towupper
wcstok
wcstod
malloc
free
memcpy
wcsncmp
wcschr
memset
fwprintf
wcsncpy
wcsrchr
_wcsicmp
_snwprintf
wcstoul

kernel32

GetDriveTypeA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
SetEvent
WaitForSingleObject
GetTickCount
GetSystemDirectoryW
GetSystemDirectoryA
DeleteFileW
GetVolumeInformationW
HeapSize
HeapReAlloc
WaitForMultipleObjects
QueryDosDeviceW
GetWindowsDirectoryW
SetCurrentDirectoryW
MultiByteToWideChar
VirtualAlloc
WriteFile
VirtualFree
WaitNamedPipeW
Sleep
GetCurrentProcess
LocalAlloc
CreateEventW
GetFileSize
SetEndOfFile
FlushFileBuffers
GetLogicalDrives
CreateFileW
GetProcessHeap
HeapAlloc
DeviceIoControl
CloseHandle
HeapFree
GetVersion
DefineDosDeviceW
SetLastError
SetFilePointer
ReadFile
GetLastError
FormatMessageW
FormatMessageA
LocalFree

advapi32

RegSetValueExW
StartServiceW
CloseServiceHandle
OpenServiceW
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegCreateKeyW
RegQueryValueExW
QueryServiceStatus
RegCloseKey
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
OpenSCManagerW

user32

DispatchMessageW
IsDialogMessageW
GetDlgItemInt
GetMenu
EnableMenuItem
DrawMenuBar
MapWindowPoints
GetSubMenu
TrackPopupMenu
GetAsyncKeyState
LoadIconW
SetClassLongW
GetSystemMetrics
SendMessageW
PostMessageW
GetParent
GetWindowTextLengthW
EnableWindow
TranslateMessage
SetDlgItemInt
SendDlgItemMessageW
CheckDlgButton
SetFocus
IsDlgButtonChecked
EndDialog
SetDlgItemTextW
GetDlgItemTextW
CreateDialogParamW
DestroyWindow
DialogBoxParamW
SetWindowTextW
SendMessageTimeoutW
MessageBoxW
GetPropW
ShowWindow
SetPropW
GetDlgItem
RemovePropW
PeekMessageW

shell32

ShellExecuteA
ShellExecuteW
SHFormatDrive
SHChangeNotify

comctl32

ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ntdll

NtOpenFile
RtlInitUnicodeString
NtClose
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlCreateUnicodeString
RtlNtStatusToDosError

Exports

Exports

CPlApplet
ImDiskAdjustImageFileSize
ImDiskAllocPrintF
ImDiskAllocPrintFA
ImDiskBuildMBR
ImDiskChangeFlags
ImDiskCheckDriverVersion
ImDiskConsoleMessageA
ImDiskConsoleMessageW
ImDiskConvertCHSToLBA
ImDiskConvertLBAToCHS
ImDiskCreateDevice
ImDiskCreateDeviceEx
ImDiskCreateMountPoint
ImDiskExtendDevice
ImDiskFindFreeDriveLetter
ImDiskFlushWindowMessages
ImDiskForceRemoveDevice
ImDiskGetAPIFlags
ImDiskGetDeviceList
ImDiskGetDeviceListEx
ImDiskGetFormattedGeometry
ImDiskGetFormattedGeometryIndirect
ImDiskGetOffsetByFileExt
ImDiskGetPartitionInfoIndirect
ImDiskGetPartitionInfoIndirectEx
ImDiskGetPartitionInformation
ImDiskGetPartitionInformationEx
ImDiskGetPartitionTypeName
ImDiskGetRegistryAutoLoadDevices
ImDiskGetSinglePartitionInfoIndirect
ImDiskGetSinglePartitionInformation
ImDiskGetVersion
ImDiskGetVolumeSize
ImDiskImageContainsISOFS
ImDiskImageContainsISOFSIndirect
ImDiskMsgBoxPrintF
ImDiskNativePathToWin32
ImDiskNotifyRemovePending
ImDiskNotifyShellDriveLetter
ImDiskOpenDeviceByMountPoint
ImDiskOpenDeviceByName
ImDiskOpenDeviceByNumber
ImDiskOpenRefreshEvent
ImDiskQueryDevice
ImDiskReadFileHandle
ImDiskRemoveDevice
ImDiskRemoveMountPoint
ImDiskRemoveRegistrySettings
ImDiskSaveImageFile
ImDiskSaveImageFileInteractive
ImDiskSaveRegistrySettings
ImDiskSetAPIFlags
ImDiskStartService
RunDLL_MountFile
RunDLL_MountFileW
RunDLL_RemoveDevice
RunDLL_SaveImageFile
_CPlApplet@16
_ImDiskAdjustImageFileSize@8
_ImDiskBuildMBR@20
_ImDiskChangeFlags@20
_ImDiskCheckDriverVersion@4
_ImDiskConsoleMessageA@16
_ImDiskConsoleMessageW@16
_ImDiskConvertCHSToLBA@8
_ImDiskConvertLBAToCHS@8
_ImDiskCreateDevice@28
_ImDiskCreateDeviceEx@32
_ImDiskCreateMountPoint@8
_ImDiskExtendDevice@12
_ImDiskFindFreeDriveLetter@0
_ImDiskFlushWindowMessages@4
_ImDiskForceRemoveDevice@8
_ImDiskGetAPIFlags@0
_ImDiskGetDeviceList@0
_ImDiskGetDeviceListEx@8
_ImDiskGetFormattedGeometry@12
_ImDiskGetFormattedGeometryIndirect@16
_ImDiskGetOffsetByFileExt@8
_ImDiskGetPartitionInfoIndirect@20
_ImDiskGetPartitionInfoIndirectEx@24
_ImDiskGetPartitionInformation@16
_ImDiskGetPartitionInformationEx@20
_ImDiskGetPartitionTypeName@12
_ImDiskGetRegistryAutoLoadDevices@4
_ImDiskGetSinglePartitionInfoIndirect@24
_ImDiskGetSinglePartitionInformation@20
_ImDiskGetVersion@8
_ImDiskGetVolumeSize@8
_ImDiskImageContainsISOFS@8
_ImDiskImageContainsISOFSIndirect@12
_ImDiskIsProcessElevated@0
_ImDiskNativePathToWin32@4
_ImDiskNotifyRemovePending@8
_ImDiskNotifyShellDriveLetter@8
_ImDiskOpenDeviceByMountPoint@8
_ImDiskOpenDeviceByName@8
_ImDiskOpenDeviceByNumber@8
_ImDiskOpenRefreshEvent@4
_ImDiskQueryDevice@12
_ImDiskReadFileHandle@24
_ImDiskRemoveDevice@12
_ImDiskRemoveMountPoint@4
_ImDiskRemoveRegistrySettings@4
_ImDiskSaveImageFile@16
_ImDiskSaveImageFileInteractive@16
_ImDiskSaveRegistrySettings@4
_ImDiskSetAPIFlags@8
_ImDiskStartService@4
_RunDLL_MountFile@16
_RunDLL_MountFileW@16
_RunDLL_RemoveDevice@16
_RunDLL_SaveImageFile@16

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/deviodrv/amd64/deviodrv.sys
.sys windows:6 windows x64 arch:x64

dc3d5d367abd15362dc7d21f39e72fd1

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:97:ff:03:63:d4:5e:6f:5b:b8:2c:2b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2021, 19:54

Not After

12/03/2022, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:01:9b:93:22:37:1b:95:2e:fd:d6:af:59:53:31:ee:4d:a6:ce:36:5a:cf:2f:4a:73:cb:5f:d3:0e:62:49:3f
Signer

Actual PE Digest

17:01:9b:93:22:37:1b:95:2e:fd:d6:af:59:53:31:ee:4d:a6:ce:36:5a:cf:2f:4a:73:cb:5f:d3:0e:62:49:3f

Digest Algorithm

sha256

PE Digest Matches

true

7e:a6:ce:46:4d:31:f2:82:78:65:50:67:7e:47:33:ab:fd:1b:49:52
Signer

Actual PE Digest

7e:a6:ce:46:4d:31:f2:82:78:65:50:67:7e:47:33:ab:fd:1b:49:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\kod\imdisk\deviodrv\amd64\deviodrv.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoCreateUnprotectedSymbolicLink
IoCreateDevice
DbgPrint
KeDelayExecutionThread
IofCompleteRequest
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlEqualUnicodeString
RtlCopyUnicodeString
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
MmMapLockedPagesSpecifyCache
RtlAssert
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeBugCheckEx

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/gpl.txt
driver/imdisk.inf
driver/install.cmd
driver/msgboxw.exe
.exe windows:4 windows x86 arch:x86

3260cfcd404ff7412b4c901aa07f8d10

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:4d:e1
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:5d:dd:41:0e:aa:0b:6d:23:f3:d1:8d:03:cb:d4:6b:f4
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

18/02/2016, 13:18

Not After

10/02/2019, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ec:c9:33:f7:57:c2:83:a2:2d:10:1d:3d:76:c6:32:ff:27:80:d0:6c
Signer

Actual PE Digest

ec:c9:33:f7:57:c2:83:a2:2d:10:1d:3d:76:c6:32:ff:27:80:d0:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\Kod\exe\msgboxw.pdb

Imports

kernel32

GetCommandLineW
ExitProcess

user32

MessageBoxW
MessageBoxA

ntdll

wcstoul

shell32

CommandLineToArgvW

Sections

.text
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 451B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/readme.txt
driver/runwaitw.exe
.exe windows:4 windows x86 arch:x86

66298932d6ca63b458d3ef47171408b5

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:1f:a6:ce:53:4e:cd:f6:5f:87:36:62
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

07/02/2022, 14:07

Not After

11/04/2025, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götaland,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d0:d7:f4:be:58:06:93:89:bd:96:19:d6:02:d2:4d:2c:46:a1:03:00
Signer

Actual PE Digest

d0:d7:f4:be:58:06:93:89:bd:96:19:d6:02:d2:4d:2c:46:a1:03:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\Kod\exe\runwaitw.pdb

Imports

kernel32

FormatMessageW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
CloseHandle
GetLastError
CreateProcessW
GetProcAddress
GetModuleHandleA
GetStartupInfoW
ExitProcess
GetCommandLineW

user32

MessageBoxW

ntdll

wcslen
wcstoul
wcschr
wcscpy
wcscat
_wcsnicmp

msvcrt

malloc
free

Sections

.text
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
driver/svc/amd64/imdsksvc.exe
.exe windows:6 windows x64 arch:x64

5f396dd5480bb935c0da9a8c99c9bf26

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:97:ff:03:63:d4:5e:6f:5b:b8:2c:2b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2021, 19:54

Not After

12/03/2022, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:03:c4:5e:51:d1:a5:29:0f:4e:bc:3f:b4:51:84:ac:ce:53:8c:71:f5:93:2a:36:6d:ba:3b:46:d0:00:6b:66
Signer

Actual PE Digest

b3:03:c4:5e:51:d1:a5:29:0f:4e:bc:3f:b4:51:84:ac:ce:53:8c:71:f5:93:2a:36:6d:ba:3b:46:d0:00:6b:66

Digest Algorithm

sha256

PE Digest Matches

true

9d:ab:4d:d7:8c:38:2f:d7:93:d7:54:51:31:eb:48:ac:b0:cd:25:54
Signer

Actual PE Digest

9d:ab:4d:d7:8c:38:2f:d7:93:d7:54:51:31:eb:48:ac:b0:cd:25:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\kod\imdisk\svc\amd64\imdsksvc.pdb

Imports

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

kernel32

ExitProcess
GetCommState
WaitForSingleObject
SetEvent
ConnectNamedPipe
CreateNamedPipeW
WriteFile
SetCommState
SetCommTimeouts
WideCharToMultiByte
ReadFile
CreateFileW
GetOverlappedResult
GetLastError
SetLastError
ResetEvent
BuildCommDCBAndTimeoutsW
CreateEventW
DeviceIoControl
WaitForMultipleObjects
GetCommTimeouts
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter

user32

MessageBoxA

msvcrt

memset
wcstok
memcpy
??3@YAXPEAX@Z
wcsstr
_beginthreadex
malloc
free
wcstoul
??2@YAPEAX_K@Z

wsock32

WSAStartup
ioctlsocket
WSAGetLastError
htons
setsockopt
socket
getservbyname
WSASetLastError
closesocket
gethostbyname
connect

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/sys/amd64/imdisk.sys
.sys windows:6 windows x64 arch:x64

ca1b7a99c1db8c685051151b20cecfd0

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:97:ff:03:63:d4:5e:6f:5b:b8:2c:2b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2021, 19:54

Not After

12/03/2022, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:4f:b3:0d:97:a4:0b:e9:97:9d:99:1a:45:26:95:4d:08:d1:76:41:e0:08:54:f8:c1:65:d1:76:05:15:99:17
Signer

Actual PE Digest

18:4f:b3:0d:97:a4:0b:e9:97:9d:99:1a:45:26:95:4d:08:d1:76:41:e0:08:54:f8:c1:65:d1:76:05:15:99:17

Digest Algorithm

sha256

PE Digest Matches

true

1d:c5:fd:88:d1:e8:95:14:1e:23:d3:e8:34:97:18:b8:22:35:99:ae
Signer

Actual PE Digest

1d:c5:fd:88:d1:e8:95:14:1e:23:d3:e8:34:97:18:b8:22:35:99:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\kod\imdisk\sys\amd64\imdisk.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwCreateEvent
IoDeleteSymbolicLink
ExFreePoolWithTag
_snwprintf
RtlSetDaclSecurityDescriptor
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
RtlAppendUnicodeToString
KeInitializeEvent
KeDelayExecutionThread
PsCreateSystemThread
ZwQueryValueKey
IoCreateUnprotectedSymbolicLink
ExEventObjectType
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlCopyUnicodeString
ObfDereferenceObject
IoCreateDevice
ObReferenceObjectByPointer
DbgPrint
RtlCreateSecurityDescriptor
KePulseEvent
ZwOpenKey
KeClearEvent
KeReadStateEvent
IoBuildSynchronousFsdRequest
ZwReadFile
IoGetRelatedDeviceObject
IoCancelIrp
KeWaitForMultipleObjects
IofCallDriver
ZwFsControlFile
KeReleaseInStackQueuedSpinLock
_wcsnicmp
ZwMapViewOfSection
KeAcquireInStackQueuedSpinLock
ZwSetInformationFile
SeCreateClientSecurity
IoFileObjectType
ZwWaitForSingleObject
ZwCreateFile
SeImpersonateClient
ZwFreeVirtualMemory
RtlAppendUnicodeStringToString
ZwDeviceIoControlFile
ZwQueryInformationFile
ZwOpenSection
SeTokenType
ZwAllocateVirtualMemory
IoBuildDeviceIoControlRequest
NtWriteFile
KeSetPriorityThread
NtFsControlFile
MmMapLockedPagesSpecifyCache
PsTerminateSystemThread
IofCompleteRequest
NtReadFile
SeSinglePrivilegeCheck
IoFreeMdl
IoFreeIrp
IoAllocateIrp
MmUnlockPages
ZwOpenEvent
ZwUnmapViewOfSection
KeBugCheckEx

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/uninstall_imdisk.cmd
lang/brazilian-portuguese.txt
lang/english.txt
lang/finnish.txt
lang/french.txt
lang/german.txt
lang/hungarian.txt
lang/italian.txt
lang/korean.txt
lang/russian.txt
lang/schinese.txt
lang/spanish.txt
lang/swedish.txt
lang/tchinese.txt
ImDiskTk20240210/install.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 31KB - Virtual size: 30KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 234KB - Virtual size: 234KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 25KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 130KB - Virtual size: 129KB

.rsrc Size: 1024B - Virtual size: 1004B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 26KB - Virtual size: 25KB

.rsrc Size: 1024B - Virtual size: 964B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 56KB - Virtual size: 55KB

.rsrc Size: 1024B - Virtual size: 964B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 70KB - Virtual size: 69KB

.text
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 234KB - Virtual size: 234KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 130KB - Virtual size: 129KB

.rsrc
Size: 1024B - Virtual size: 1004B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 1024B - Virtual size: 964B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 1024B - Virtual size: 964B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 70KB - Virtual size: 69KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 65KB - Virtual size: 65KB

.rsrc
Size: 1024B - Virtual size: 964B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 47KB - Virtual size: 46KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 57KB - Virtual size: 57KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

cc:4b:a2:41:14:22:a9:b2:95:0a:03:cf:6b:10:ac:33:18:a3:e3:b3:29:5f:de:d3:ce:0d:14:ab:31:da:59:c6
Signer