parsec-windows (1)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

parsec-windows (1).exe
Size

3.9MB
MD5

5be3333a5e6933a5e8977e85dc56f571
SHA1

5fc2e86bea1b723948f1a2d83395109573f08b16
SHA256

32ab1d25825f510b8be2bfd73a48d6539db914a9382726dd486be114f6ccae6e
SHA512

6332fb8296b5d66bbedba535dd48dae351939643f705476a19de79f71aac05083913d75e11b8a9de953031c8224c2a638035fbfc434f249c8d7ae824ba2b78ed
SSDEEP

98304:js+MQnPLeMNCvYaPhJTcYaxYEDzuWqbZJM3+:jsvyeMjguYax7z+bi+

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ApplicationID.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/nsExec.dll

Files

parsec-windows (1).exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:b7:1f:72:45:79:98:f6:26:36:94:74:3f:7d:63:5b:6c:0a:0e:94:dc:44:f6:5b:6c:20:cc:6a:26:ed:68:8f
Signer

Actual PE Digest

e6:b7:1f:72:45:79:98:f6:26:36:94:74:3f:7d:63:5b:6c:0a:0e:94:dc:44:f6:5b:6c:20:cc:6a:26:ed:68:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ApplicationID.dll
.dll windows:6 windows x86 arch:x86

9b38d46d6882ee63437c721734be794c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\src\NSIS-ApplicationID\Release\ApplicationID.pdb

Imports

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
lstrcpynA
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
HeapSize
CreateFileW

shell32

SHCreateItemFromParsingName
SHGetPropertyStoreFromParsingName

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

SHStrDupW

Exports

Exports

Set
UninstallJumpLists
UninstallPinnedItem

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
parsecd.exe
.exe windows:6 windows x64 arch:x64

43e208612bb1b7bf9a2d6ef93d7ffeec

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:f6:23:f1:9a:9f:e8:f4:0b:27:a0:a4:bb:06:37:be:a8:33:17:3a:d2:cf:7d:54:b0:04:f9:e0:b8:d1:5b:bb
Signer

Actual PE Digest

b8:f6:23:f1:9a:9f:e8:f4:0b:27:a0:a4:bb:06:37:be:a8:33:17:3a:d2:cf:7d:54:b0:04:f9:e0:b8:d1:5b:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleMode
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WriteFile
SetLastError
GetCommandLineA
GetFullPathNameW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
LoadLibraryW
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
GetStartupInfoW
HeapReAlloc
ReadFile
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
SetStdHandle
HeapSize
GetProcessHeap
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
RaiseException
InitializeSListHead
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwindEx
FreeLibrary
SetUnhandledExceptionFilter
GetStdHandle
CopyFileW
FindNextFileW
FindFirstFileW
FindClose
GetEnvironmentStringsW
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
GetLastError
FreeEnvironmentStringsW
GetSystemDirectoryW
SetEnvironmentVariableW
GetCurrentProcess
GetCommandLineW
CloseHandle
GetFileInformationByHandle
CreateFileW
DeviceIoControl
RtlCaptureContext
GetModuleFileNameW

shlwapi

PathIsNetworkPathW

shell32

SHGetKnownFolderPath
ord165

user32

MessageBoxW

bcrypt

BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptFinishHash

crypt32

CertFreeCertificateContext
CryptBinaryToStringW

msi

ord224

ole32

CoTaskMemFree

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pservice.exe
.exe windows:6 windows x64 arch:x64

60e699a86ace77c1e6146e859c5513ec

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:84:b4:80:7a:9a:17:ce:31:d0:e4:38:41:6e:24:46:fa:3d:a3:43:2c:8d:63:21:9e:71:cd:44:13:a5:7c:e8
Signer

Actual PE Digest

cd:84:b4:80:7a:9a:17:ce:31:d0:e4:38:41:6e:24:46:fa:3d:a3:43:2c:8d:63:21:9e:71:cd:44:13:a5:7c:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
FindClose
FindNextFileW
CopyFileW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObject
CreateThread
GetCurrentThreadId
QueryPerformanceCounter
SetWaitableTimerEx
CreateWaitableTimerW
SetLastError
GetFileType
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
GetStartupInfoW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
GetFileAttributesExW
HeapReAlloc
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
HeapSize
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
FlushFileBuffers
WriteConsoleW
RaiseException
InitializeSListHead
GetCommandLineA
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwindEx
GetConsoleMode
FreeLibrary
CreateProcessW
SetUnhandledExceptionFilter
GetStdHandle
GetEnvironmentStringsW
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCurrentProcess
FindFirstFileExW
GetCommandLineW
GetExitCodeProcess
ConnectNamedPipe
QueryFullProcessImageNameW
WTSGetActiveConsoleSessionId
Process32FirstW
Process32NextW
GetLastError
ProcessIdToSessionId
CreateToolhelp32Snapshot
OpenProcess
DisconnectNamedPipe
GetNamedPipeClientProcessId
CreateNamedPipeW
WriteFile
CallNamedPipeW
ReadFile
CloseHandle
CreateFileW
RtlLookupFunctionEntry
GetModuleFileNameW

shlwapi

PathFileExistsW

shell32

SHGetKnownFolderPath

advapi32

RegQueryValueExW
ReportEventW
RegisterEventSourceW
DuplicateTokenEx
StartServiceCtrlDispatcherW
CreateProcessAsUserW
RegOpenKeyExW
InitializeSecurityDescriptor
OpenProcessToken
RegSetValueExW
SetServiceStatus
SetTokenInformation
RegCloseKey
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
DeregisterEventSource
RegDeleteValueW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

crypt32

CryptBinaryToStringW
CertFreeCertificateContext

msi

ord224

ole32

CoTaskMemFree

sas

SendSAS

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.json
skel/appdata.json
skel/parsecd-150-95a.dll
.dll windows:6 windows x64 arch:x64

f32835765895d16f8c65c09d2a2854ee

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:a1:5e:3c:17:a4:36:50:65:3f:18:48:1a:96:be:51:76:30:7b:c3:d7:fd:7c:7a:8e:59:07:ba:0a:2d:65:d0
Signer

Actual PE Digest

de:a1:5e:3c:17:a4:36:50:65:3f:18:48:1a:96:be:51:76:30:7b:c3:d7:fd:7c:7a:8e:59:07:ba:0a:2d:65:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetThreadId
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockShared
GlobalSize
ResetEvent
WaitForSingleObjectEx
LoadLibraryExW
SetThreadErrorMode
SwitchToThread
GetFileAttributesW
GetSystemTimeAsFileTime
GetOverlappedResultEx
ResumeThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GlobalFree
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedFlushSList
GetFileType
WriteConsoleW
GetFullPathNameW
ExitProcess
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetStartupInfoW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetConsoleWindow
MoveFileExW
CompareStringW
LCMapStringW
OutputDebugStringW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
ReadConsoleW
SetStdHandle
HeapSize
GetFileAttributesExW
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
SetEndOfFile
SleepConditionVariableSRW
InitializeSListHead
FindFirstFileExW
GetThreadTimes
InitializeCriticalSectionEx
SetConsoleTitleW
SetConsoleOutputCP
InitializeCriticalSection
CopyFileW
DeleteFileW
CreateWaitableTimerW
SetWaitableTimerEx
QueryPerformanceFrequency
GetTimeFormatW
SetConsoleMode
GetConsoleMode
AttachConsole
AllocConsole
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStringsW
CreateProcessW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
UpdateProcThreadAttribute
FreeEnvironmentStringsW
GetSystemDirectoryW
CreateJobObjectW
SetProcessShutdownParameters
SetEnvironmentVariableW
InitializeProcThreadAttributeList
AssignProcessToJobObject
GetCommandLineW
SetPriorityClass
CallNamedPipeW
SetInformationJobObject
lstrlenW
FindClose
FindNextFileW
FindFirstFileW
OpenThread
TerminateThread
GetComputerNameW
SetEvent
RtlCaptureStackBackTrace
GetModuleHandleExW
CreateThread
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
lstrlenA
Sleep
ConnectNamedPipe
QueryFullProcessImageNameW
GetNamedPipeServerProcessId
GetOverlappedResult
FormatMessageW
DisconnectNamedPipe
GetNamedPipeClientProcessId
CreateNamedPipeW
WriteFile
SetLastError
SetNamedPipeHandleState
ReadFile
GetExitCodeProcess
GetModuleFileNameW
TerminateProcess
AcquireSRWLockExclusive
GetCurrentThread
ReleaseSRWLockExclusive
VerifyVersionInfoW
VerSetConditionMask
GetCommandLineA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetTempPathW
GetCurrentProcess
GlobalUnlock
GetModuleHandleW
GlobalLock
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
SetThreadExecutionState
GetCurrentProcessId
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
CreateEventW
GetProcessHeap
GetLastError
OpenProcess
WaitForSingleObject
LocalFree
CloseHandle
GetFileInformationByHandle
QueryPerformanceCounter
CreateFileW
LocalAlloc
GetDateFormatW
DeviceIoControl

shlwapi

PathFileExistsW
PathIsNetworkPathW
StrStrW
StrStrIW
ord12
StrStrIA
PathFindFileNameW

shell32

Shell_NotifyIconW
SHGetKnownFolderPath
ExtractIconExW
SetCurrentProcessExplicitAppUserModelID
Shell_NotifyIconGetRect
SHCreateDirectoryExW
DragAcceptFiles
DragFinish
DragQueryFileW

user32

SetCursor
SetCursorPos
AdjustWindowRect
GetWindowRect
ReleaseDC
GetDC
SetForegroundWindow
GetMenuItemInfoW
GetCursor
EndMenu
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
GetPointerPenInfo
GetPointerType
GetKeyNameTextW
IsZoomed
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
GetDoubleClickTime
RegisterWindowMessageW
GetIconInfo
DestroyIcon
ClipCursor
GetClassLongPtrW
LoadCursorW
CreateIconIndirect
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
GetRawInputData
RegisterRawInputDevices
SetWindowLongPtrW
MapVirtualKeyW
UnregisterHotKey
MessageBoxW
GetRawInputDeviceInfoW
ShowWindow
SendMessageW
ClientToScreen
GetAncestor
GetWindowLongW
AllowSetForegroundWindow
RegisterClassExW
UnregisterClassW
GetWindowLongPtrW
RegisterHotKey
EnumDisplayDevicesW
TranslateMessage
PeekMessageW
DispatchMessageW
LockWorkStation
GetCursorInfo
PostQuitMessage
WindowFromDC
GetClientRect
ChangeDisplaySettingsExW
PostMessageW
CreateWindowExW
DestroyWindow
EnumDisplaySettingsW
DefWindowProcW
InsertMenuItemW
ScreenToClient
GetSystemMetrics
OpenInputDesktop
CloseDesktop
GetShellWindow
wsprintfW
GetWindowTextW
QueryDisplayConfig
EnumWindows
DisplayConfigGetDeviceInfo
SetDisplayConfig
GetWindowThreadProcessId
SetThreadDesktop
KillTimer
PostThreadMessageW
IsClipboardFormatAvailable
AddClipboardFormatListener
WindowFromPoint
GetForegroundWindow
SetClipboardData
GetClipboardSequenceNumber
RemoveClipboardFormatListener
GetClipboardData
EmptyClipboard
CloseClipboard
SetTimer
OpenClipboard
GetCursorPos
GetLayeredWindowAttributes
SetLayeredWindowAttributes
GetKeyState
GetMessageExtraInfo
GetAsyncKeyState
GetKeyboardLayout
SendInput
GetMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

recv
connect
getnameinfo
send
getsockname
inet_addr
ntohs
ntohl
WSACleanup
WSAIoctl
shutdown
recvfrom
WSASendMsg
inet_pton
WSAStartup
ioctlsocket
htonl
htons
WSAPoll
setsockopt
WSAGetLastError
sendto
getaddrinfo
inet_ntop
freeaddrinfo
socket
WSASetLastError
closesocket
select
bind

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

imm32

ImmReleaseContext
ImmDisableIME
ImmSetCompositionWindow
ImmGetContext

advapi32

CreateProcessAsUserW
RegGetValueW
InitializeSecurityDescriptor
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegEnumKeyW
GetTokenInformation
QueryServiceStatusEx
OpenServiceW
ChangeServiceConfigW
StartServiceW
OpenProcessToken
ControlService
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
AddAccessAllowedAce
SetSecurityDescriptorControl
GetLengthSid
InitializeAcl
GetFileSecurityW
AddAce
GetSecurityDescriptorControl
SetNamedSecurityInfoW
EqualSid
GetAce
GetAclInformation
SetFileSecurityW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
DuplicateTokenEx
SetThreadToken
LogonUserW
IsWellKnownSid
SetTokenInformation
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
GetNamedSecurityInfoW
RegOpenCurrentUser
GetEffectiveRightsFromAclW
RegEnumKeyExW

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSLogoffSession
WTSConnectSessionW
WTSEnumerateSessionsW
WTSFreeMemory

dxgi

CreateDXGIFactory2
CreateDXGIFactory1

winmm

timeBeginPeriod
timeEndPeriod

dwmapi

DwmGetWindowAttribute

gdi32

GetObjectW
CreateBitmap
DeleteObject
CreateDIBSection
GetBitmapBits

bcrypt

BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDecrypt
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom
BCryptSetProperty

schannel

FreeCredentialsHandle
InitializeSecurityContextW
DeleteSecurityContext
AcquireCredentialsHandleW
QueryContextAttributesW
FreeContextBuffer

secur32

EncryptMessage
DecryptMessage
SetContextAttributesW

api-ms-win-shcore-scaling-l1-1-1

GetScaleFactorForMonitor
GetDpiForMonitor

crypt32

CertCreateSelfSignCertificate
CryptUnprotectData
CertStrToNameW
CryptBinaryToStringA
CertFreeCertificateContext
CryptProtectData
CryptBinaryToStringW

xinput1_4

ord2
ord3

windowscodecs

WICConvertBitmapSource

d3d11

D3D11CreateDevice

d3d12

D3D12SerializeRootSignature
ord101

hid

HidP_GetUsageValue
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetValueCaps
HidP_GetUsages

cfgmgr32

SwDeviceCreate
SwDeviceClose
CM_Get_Device_Interface_PropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Status

msi

ord224

iphlpapi

FreeMibTable
GetIfTable2Ex
GetBestInterfaceEx
GetIpAddrTable
GetBestRoute
GetAdaptersAddresses

ole32

CoTaskMemFree
CoInitializeEx
CreateStreamOnHGlobal
GetHGlobalFromStream
CoTaskMemAlloc
CoUninitialize
PropVariantClear
CoCreateInstance

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpConnect
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetOption
WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketClose
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketCompleteUpgrade
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSetTimeouts

Exports

Exports

console_main
wx_main

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
teams.exe
.exe windows:6 windows x64 arch:x64

ca031310eb12b349b9b999ebbe0436d0

Code Sign

0f:f5:0e:15:d1:d2:93:3d:fe:2a:27:b8:df:b2:5e:5e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-05-2020 00:00

Not After

26-04-2023 12:00

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:b5:9b:6e:bc:29:7b:91:a1:a0:a2:cf:43:ff:50:7a:7f:37:f2:e0:ec:6c:a3:e4:2c:ea:f4:cd:42:fe:f2:ca
Signer

Actual PE Digest

67:b5:9b:6e:bc:29:7b:91:a1:a0:a2:cf:43:ff:50:7a:7f:37:f2:e0:ec:6c:a3:e4:2c:ea:f4:cd:42:fe:f2:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
ExitProcess
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
MultiByteToWideChar
GetProcessHeap
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentDirectoryW
CreateFileW
FindClose
FindNextFileW
CloseHandle
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
GetConsoleMode
WaitForSingleObject
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetWaitableTimer
CreateWaitableTimerW
RtlUnwindEx
EncodePointer
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlPcToFileHeader
WriteFile
GetFileType
WriteConsoleW
OutputDebugStringW
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadFile
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
SetEndOfFile
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineW
GetCommandLineA
SetLastError
GetLastError
GetComputerNameW
LocalFree

crypt32

CryptProtectData

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpOpen
WinHttpConnect

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdd/parsec-vdd.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:e7:b0:48:ad:3b:a3:25:58:c4:65:75:1b:8d:ef:f2:6d:47:4c:79:a7:af:f0:5e:c0:67:e3:88:a2:2d:61:1d
Signer

Actual PE Digest

75:e7:b0:48:ad:3b:a3:25:58:c4:65:75:1b:8d:ef:f2:6d:47:4c:79:a7:af:f0:5e:c0:67:e3:88:a2:2d:61:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/mm.cat
driver/mm.dll
.dll windows:10 windows x64 arch:x64

8ea2a4c54fa25433f775630a59c9d7ac

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-04-2023 19:16

Not After

03-04-2024 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:12:eb:5b:97:e4:cb:cb:ab:af:40:1e:9c:c7:20:30:53:04:6d:ce:72:33:dc:a2:7e:fb:fd:13:7b:f5:96:54
Signer

Actual PE Digest

2e:12:eb:5b:97:e4:cb:cb:ab:af:40:1e:9c:c7:20:30:53:04:6d:ce:72:33:dc:a2:7e:fb:fd:13:7b:f5:96:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\gitsrc\parsec-cloud\magic-mirror\driver\x64\Release\mm.pdb

Imports

ntdll

RtlInitUnicodeString
RtlUnwindEx
DbgPrintEx
RtlCompareMemory

advapi32

EventUnregister
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
EventWriteTransfer
RegisterTraceGuidsW
EventRegister
GetTraceEnableFlags

wpprecorderum

WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace

kernel32

CreateThread
Sleep
CreateEventW
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
CloseHandle
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
DeleteCriticalSection
WaitForMultipleObjects
GetCurrentThreadId
InitializeCriticalSectionEx
ResetEvent
WaitForSingleObjectEx
WaitForMultipleObjectsEx
DebugBreak
OutputDebugStringA
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
RtlCaptureContext
IsProcessorFeaturePresent
FlsFree
FlsSetValue
GetCurrentProcessId
InitializeSListHead
SetEvent
FlsGetValue
FlsAlloc
SetLastError
InterlockedFlushSList
IsDebuggerPresent
TerminateProcess

ole32

CoCreateGuid

dxgi

CreateDXGIFactory2

d3d11

D3D11CreateDevice

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s

api-ms-win-crt-string-l1-1-0

strcmp
strncpy_s

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_execute_onexit_table
_cexit
terminate
abort

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/mm.inf
mm.man
.xml
nefconw.exe
.exe windows:6 windows x64 arch:x64

d08a75f41a2a78d420d594fc0d2927fb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:4b:b9:d2:ca:f0:c5:9a:5b:68:20:95:7d:34:27:d0:58:73:c7:47:3f:14:db:76:52:53:ca:cc:3a:f4:90:1e
Signer

Actual PE Digest

c2:4b:b9:d2:ca:f0:c5:9a:5b:68:20:95:7d:34:27:d0:58:73:c7:47:3f:14:db:76:52:53:ca:cc:3a:f4:90:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidFromStringA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

setupapi

SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiOpenClassRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupFindFirstLineW
SetupOpenInfFileW
InstallHinfSectionW
SetupDiGetActualSectionToInstallW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyW
SetupCloseInfFile

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetLastError
lstrlenW
LocalAlloc
GetLastError
GetCurrentThread
GetNativeSystemInfo
LoadLibraryW
GetProcAddress
LocalFree
FreeLibrary
GetEnvironmentVariableA
ReadFile
GetSystemTimeAsFileTime
GetModuleFileNameA
GetCurrentProcess
CloseHandle
HeapAlloc
GetProcessHeap
FormatMessageA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCommandLineW
GetStdHandle
MultiByteToWideChar
MoveFileExA
WideCharToMultiByte
CompareStringW
CreateDirectoryW
ReadConsoleW
GetFileAttributesExW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
GetFileAttributesA
VirtualQuery
FlsFree
FlsSetValue
FlsGetValue
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
RtlUnwind
GetModuleHandleW
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteFile
HeapFree
GetFileType
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FlsAlloc

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
CreateServiceA
AdjustTokenPrivileges
SetFileSecurityW
SetSecurityDescriptorOwner
CloseServiceHandle
AllocateAndInitializeSid
OpenSCManagerA
CopySid
DeleteService
OpenProcessToken
FreeSid
GetFileSecurityW
CheckTokenMembership
InitializeSecurityDescriptor
GetLengthSid
OpenServiceA
GetTokenInformation
RegCloseKey
RegSetValueExW
RegQueryValueExW

shell32

ord730
CommandLineToArgvW

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vddinstall.bat
vdduninstall.bat
vusb/parsec-vud.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:02:7f:24:e8:0f:4a:7f:ab:eb:c8:8f:47:9e:80:86:ec:cb:e7:41:ae:70:7e:4c:59:d4:db:31:83:d1:18:f6
Signer

Actual PE Digest

1c:02:7f:24:e8:0f:4a:7f:ab:eb:c8:8f:47:9e:80:86:ec:cb:e7:41:ae:70:7e:4c:59:d4:db:31:83:d1:18:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

5e62e8e248e7364886b604bd1fcf4c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nefconc.exe
.exe windows:6 windows x64 arch:x64

dc815f97913fd406254f26cfd8b6c644

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:63:23:7b:ae:89:d8:d4:3f:bc:c6:9e:3b:e6:26:8d:02:5f:5f:16:60:62:1d:ea:94:88:b4:91:42:d0:31:4b
Signer

Actual PE Digest

ea:63:23:7b:ae:89:d8:d4:3f:bc:c6:9e:3b:e6:26:8d:02:5f:5f:16:60:62:1d:ea:94:88:b4:91:42:d0:31:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidFromStringA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

setupapi

SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupFindFirstLineW
SetupOpenInfFileW
InstallHinfSectionW
SetupDiGetActualSectionToInstallW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyW
SetupCloseInfFile
SetupDiOpenClassRegKey

kernel32

GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetLastError
lstrlenW
LocalAlloc
GetLastError
GetCurrentThread
GetNativeSystemInfo
LoadLibraryW
GetProcAddress
LocalFree
FreeLibrary
GetEnvironmentVariableA
EnumSystemLocalesW
GetSystemTimeAsFileTime
GetModuleFileNameA
GetCurrentProcess
CloseHandle
HeapAlloc
GetProcessHeap
FormatMessageA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
MultiByteToWideChar
MoveFileExA
WideCharToMultiByte
FlsFree
ReadFile
CreateDirectoryW
ReadConsoleW
GetFileAttributesExW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
GetFileAttributesA
FlsSetValue
FlsGetValue
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
RtlUnwind
GetModuleHandleW
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
HeapFree
GetFileType
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FlsAlloc

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
CreateServiceA
AdjustTokenPrivileges
SetFileSecurityW
SetSecurityDescriptorOwner
CloseServiceHandle
AllocateAndInitializeSid
OpenSCManagerA
CopySid
DeleteService
OpenProcessToken
FreeSid
GetFileSecurityW
CheckTokenMembership
InitializeSecurityDescriptor
GetLengthSid
OpenServiceA
GetTokenInformation
RegCloseKey
RegSetValueExW
RegQueryValueExW

shell32

ord730

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nefconw.exe
.exe windows:6 windows x64 arch:x64

d08a75f41a2a78d420d594fc0d2927fb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:4b:b9:d2:ca:f0:c5:9a:5b:68:20:95:7d:34:27:d0:58:73:c7:47:3f:14:db:76:52:53:ca:cc:3a:f4:90:1e
Signer

Actual PE Digest

c2:4b:b9:d2:ca:f0:c5:9a:5b:68:20:95:7d:34:27:d0:58:73:c7:47:3f:14:db:76:52:53:ca:cc:3a:f4:90:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidFromStringA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

setupapi

SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiOpenClassRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupFindFirstLineW
SetupOpenInfFileW
InstallHinfSectionW
SetupDiGetActualSectionToInstallW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyW
SetupCloseInfFile

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetLastError
lstrlenW
LocalAlloc
GetLastError
GetCurrentThread
GetNativeSystemInfo
LoadLibraryW
GetProcAddress
LocalFree
FreeLibrary
GetEnvironmentVariableA
ReadFile
GetSystemTimeAsFileTime
GetModuleFileNameA
GetCurrentProcess
CloseHandle
HeapAlloc
GetProcessHeap
FormatMessageA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCommandLineW
GetStdHandle
MultiByteToWideChar
MoveFileExA
WideCharToMultiByte
CompareStringW
CreateDirectoryW
ReadConsoleW
GetFileAttributesExW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
GetFileAttributesA
VirtualQuery
FlsFree
FlsSetValue
FlsGetValue
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
RtlUnwind
GetModuleHandleW
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteFile
HeapFree
GetFileType
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FlsAlloc

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
CreateServiceA
AdjustTokenPrivileges
SetFileSecurityW
SetSecurityDescriptorOwner
CloseServiceHandle
AllocateAndInitializeSid
OpenSCManagerA
CopySid
DeleteService
OpenProcessToken
FreeSid
GetFileSecurityW
CheckTokenMembership
InitializeSecurityDescriptor
GetLengthSid
OpenServiceA
GetTokenInformation
RegCloseKey
RegSetValueExW
RegQueryValueExW

shell32

ord730
CommandLineToArgvW

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
parsecvirtualds/parsecvirtualds.cat
parsecvirtualds/parsecvirtualds.inf
parsecvirtualds/parsecvirtualds.sys
.sys windows:10 windows x64 arch:x64

f01e1990a206fe785af77a679de65148

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-01-2024 20:09

Not After

10-01-2025 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:46:64:e6:11:d0:9a:d0:23:81:d0:c7:be:6d:30:63:4a:13:89:30:b5:80:8c:1e:8c:02:ef:fb:dd:64:ee:d3
Signer

Actual PE Digest

27:46:64:e6:11:d0:9a:d0:23:81:d0:c7:be:6d:30:63:4a:13:89:30:b5:80:8c:1e:8c:02:ef:fb:dd:64:ee:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\gitsrc\parsec-cloud\usb-ip\parsecvirtualds\src\x64\Release\parsecvirtualds.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlInitUnicodeString
IoWMIRegistrationControl
MmGetSystemRoutineAddress
DbgPrintEx

wpprecorder.sys

imp_WppRecorderReplay
WppAutoLogStart
WppAutoLogTrace
WppAutoLogStop

wdfldr.sys

WdfVersionUnbindClass
WdfVersionBindClass
WdfVersionUnbind
WdfLdrQueryInterface
WdfVersionBind

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
parsecvusba/parsecvusba.cat
parsecvusba/parsecvusba.inf
parsecvusba/parsecvusba.sys
.sys windows:10 windows x64 arch:x64

e2cb31bf22facd54c25fa4bd37cc336d

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-01-2024 20:09

Not After

10-01-2025 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:01:97:b4:b9:9d:d8:b8:7e:87:99:65:64:9a:52:33:52:b5:91:13:d4:02:67:93:14:e7:77:97:eb:cc:de:e9
Signer

Actual PE Digest

0b:01:97:b4:b9:9d:d8:b8:7e:87:99:65:64:9a:52:33:52:b5:91:13:d4:02:67:93:14:e7:77:97:eb:cc:de:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\gitsrc\parsec-cloud\usb-ip\pcvudhc\x64\Release\parsecvusba.pdb

Imports

ntoskrnl.exe

RtlRandomEx
KeInitializeSpinLock
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
strcmp
RtlAssert
SeTokenIsAdmin
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenEvent
ExEventObjectType
strncpy_s
_vsnprintf
ExAllocatePoolWithTag
sprintf_s
ZwOpenKey
ZwQueryValueKey
KeCapturePersistentThreadState
ZwWriteFile
NtBuildNumber
DbgPrintEx
RtlCaptureContext
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
KeResetEvent
IoWMIRegistrationControl
MmGetSystemRoutineAddress
RtlAnsiCharToUnicodeChar
KeSetEvent
KeDelayExecutionThread
swprintf_s
KeWaitForSingleObject
KeInitializeEvent
RtlCompareUnicodeString
KeClearEvent
RtlCopyUnicodeString
RtlInitUnicodeString
IoGetDeviceInterfaces
ExFreePoolWithTag
RtlCompareMemory

ext-ms-win-ntos-werkernel-l1-1-1

WerLiveKernelCloseHandle
WerLiveKernelOpenDumpFile
WerLiveKernelCancelReport
WerLiveKernelCreateReport
WerLiveKernelSubmitReport

hal

KeQueryPerformanceCounter

wpprecorder.sys

imp_WppRecorderLogGetDefault
imp_WppRecorderLogDelete
imp_WppRecorderLogCreate
imp_WppRecorderReplay
WppAutoLogStop
WppAutoLogStart
WppAutoLogTrace
imp_WppRecorderIsDefaultLogAvailable

wdfldr.sys

WdfVersionBind
WdfLdrQueryInterface
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGED
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vusbinstall.bat
vusbuninstall.bat
wscripts/firewall-add.vbs
.vbs
wscripts/firewall-remove.vbs
.vbs
wscripts/legacy-cleanup.vbs
.vbs
wscripts/service-install.vbs
.vbs
wscripts/service-kill-parsec.vbs
.vbs
wscripts/service-remove.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e6:b7:1f:72:45:79:98:f6:26:36:94:74:3f:7d:63:5b:6c:0a:0e:94:dc:44:f6:5b:6c:20:cc:6a:26:ed:68:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 188KB

.rsrc Size: 114KB - Virtual size: 113KB

9b38d46d6882ee63437c721734be794c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 6KB

.gfids Size: 1024B - Virtual size: 536B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e6:b7:1f:72:45:79:98:f6:26:36:94:74:3f:7d:63:5b:6c:0a:0e:94:dc:44:f6:5b:6c:20:cc:6a:26:ed:68:8f
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 188KB

.rsrc
Size: 114KB - Virtual size: 113KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 6KB

.gfids
Size: 1024B - Virtual size: 536B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b8:f6:23:f1:9a:9f:e8:f4:0b:27:a0:a4:bb:06:37:be:a8:33:17:3a:d2:cf:7d:54:b0:04:f9:e0:b8:d1:5b:bb
Signer

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 7KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 220KB - Virtual size: 219KB

.reloc
Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate